Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Site to Site VPN from Pix to ASA


I'm trying to set up a site to site VPN between a Pix 501 and ASA 5540. After running into some strange problems with passing traffic, I cut my configs down to the very basics--more or less turning it into a lab environment. I have the ASA as the main site with one internal network-- /16 and the Pix as the remote with one internal network-- /24. As far as I can see everything is set up correctly, however I cant seem to get traffic to flow. Pinging from a host on the network brings up the tunnel, however nothing seems to be encrypted from the ASA to the Pix. Please see the attached configs and you'll see that the setup is pretty simple. However, from the "show crypto ipsec sa" on the ASA side, you'll see nothing ever encrypted, while packets are decrypted. On the Pix side the opposite is true. It appears that something is blocking packets from entering the tunnel on the ASA side, but I can't see what would be doing that. Any help is appreciated.


Re: Site to Site VPN from Pix to ASA

1. a default route seems missing on asa.

2. do "show running-config sysopt" in order to verify whether the command "sysopt connection permit-ipsec" is enabled.