Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > VPN problems, PIX and Router

Thread Tools

VPN problems, PIX and Router
Posts: n/a
Hi All,

I just checked my isakmp SA's and I'm getting something I find strange.
It shows the following:

PIX# show cry isakmp sa
Total : 1
Embryonic : 0
dst src state pending created QM_IDLE 0 1

But here's what I'm wondering, it shows this on the router I'm trying
to connect to:

2621#show cry isakmp sa
dst src state conn-id slot QM_IDLE 1 0

I would think that both the PIX and the Router should mirror each
other, with one being the source and the other the destination? Is
there a way to track 'interesting information' marked by the ACL I have
for VPN? Aren't the source and destination supposed to be reversed
when viewing with this command?

BTW... I've also used show cry ipsec sa, which DOES show the local and
remote addresses in the right places. I'm really confused on why this
PIX and Router don't seem to send anything to each other. I've used
the commands for matching internal IPs to Ips on the remote site, and
have mirrored them.

I'm wondering if something's incompatible with the versions of the PIX
and the Router. The PIX is 6.3(3) and the Router is 12.2(15).



Reply With Quote

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
VPN PIX-_static PIX ; PIX-dynamic_PIX ; VPN Client Svenn Cisco 3 03-13-2006 09:25 AM
Router to router and pix redundant IPSEC VPN Cisco 1 02-06-2006 06:36 PM
VPN - Easy VPN Server (PIX 515) and Hardware Client (831 Router) Al Cisco 0 02-16-2005 08:15 PM
mixing pix-to-pix vpn and pptp-dial-in-vpn on pix501 Tom Cisco 4 11-17-2004 02:18 PM
PIX to PIX VPN and VPN Client to PIX Config Example? GVB Cisco 1 02-06-2004 07:44 PM