Cisco - Troubleshooting a pix (501) to 1760 router (ipsec)

03-03-2008, 06:53 PM

Hi there members,

I have a pix 501 located in our noc which connects to a number of 1760 cisco routers, (there are five in total). One of the five has stopped responding to any initiated vpn connections from the pix

An engineer has attended to this router and confirms that it's ok and running fine, we can ping the public IP of it and see it replies ok.

However, since I've inherited this Pix and am not a cisco expert, ive been trawling these forums and google to find out how i can work this out.

I have a colleague going to site tomorrow where the said 1760 is to get him to look at the logs/debug and I was hoping that someone where might be able to give me a short list of commands which can tell us why the router is not getting the vpn connection from the PIX, on the Pix and router?

I have checked the PIX's config making sure I have the correct IPsec key(usng a key exchange pair) and that we have correct ip used to connect to the router and Security policies to allow this connection to happen using PDM and command line, which both tie up.

Im using PIX fw version 6.2(2) and the routers using 12.6 ios, iirc.

I have my PIX sending its logs to a linux syslog but im unsure what exactly im looking for

Syslog logging: enabled
Facility: 22
Timestamp logging: enabled
Standby logging: disabled
Console logging: disabled
Monitor logging: disabled
Buffer logging: level warnings, 868 messages logged
Trap logging: level debugging, 6038 messages logged
Logging to inside 172.16.0.200
History logging: disabled

However, i was looking at the pix and noticed some capture commands but was not certain if this was correct to use, or whether i should be doing something else.

Hope someone can help, many thanks in advance.

dan.

dan.cave

dan.cave · 03-04-2008, 09:17 PM

i managed to work out that the running config on my router was bogus... It was missing some key ipsec parts and the router was reflashed by a third party rendering it incompatible with the pix..

hopefully it'll get fixed tomorrow.

dan.cave

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
router to router	edwardsmichael	Hardware	7	01-31-2010 05:18 PM
Cisco 2621 xm router has high cpu usage	Seby	Hardware	1	01-16-2008 05:31 AM
Problem Connecting Through Router	Nobody404	General Help Related Topics	0	07-10-2007 11:28 PM
Adsl Router > Dual Wan Load Balancing Router > 24 port Switch Hub	nazeth	Hardware	0	03-28-2007 09:36 AM
Connecting dsl modem, switch and WiFi router	RameshMeda	Hardware	0	11-03-2006 01:58 PM

03-03-2008, 06:53 PM	#1
	Troubleshooting a pix (501) to 1760 router (ipsec) Hi there members, I have a pix 501 located in our noc which connects to a number of 1760 cisco routers, (there are five in total). One of the five has stopped responding to any initiated vpn connections from the pix An engineer has attended to this router and confirms that it's ok and running fine, we can ping the public IP of it and see it replies ok. However, since I've inherited this Pix and am not a cisco expert, ive been trawling these forums and google to find out how i can work this out. I have a colleague going to site tomorrow where the said 1760 is to get him to look at the logs/debug and I was hoping that someone where might be able to give me a short list of commands which can tell us why the router is not getting the vpn connection from the PIX, on the Pix and router? I have checked the PIX's config making sure I have the correct IPsec key(usng a key exchange pair) and that we have correct ip used to connect to the router and Security policies to allow this connection to happen using PDM and command line, which both tie up. Im using PIX fw version 6.2(2) and the routers using 12.6 ios, iirc. I have my PIX sending its logs to a linux syslog but im unsure what exactly im looking for Syslog logging: enabled Facility: 22 Timestamp logging: enabled Standby logging: disabled Console logging: disabled Monitor logging: disabled Buffer logging: level warnings, 868 messages logged Trap logging: level debugging, 6038 messages logged Logging to inside 172.16.0.200 History logging: disabled However, i was looking at the pix and noticed some capture commands but was not certain if this was correct to use, or whether i should be doing something else. Hope someone can help, many thanks in advance. dan. dan.cave

03-04-2008, 09:17 PM	#2
dan.cave Junior Member Join Date: Feb 2008 Posts: 6	i managed to work out that the running config on my router was bogus... It was missing some key ipsec parts and the router was reflashed by a third party rendering it incompatible with the pix.. hopefully it'll get fixed tomorrow. dan.cave