VPN pix 506 - 501 fall down

Discussion in 'Cisco' started by Fwed, Aug 30, 2005.

  1. Fwed

    Fwed Guest

    Hi,

    I have a vpn between 2 pix, one 506 and one 501.

    My problem is the vpn fall down but we see the vpn is still alive ...

    If i make a "sh crypto isakmp sa", we can see that 1 tunnel was create.

    The configuration seems good.

    Someone have an idea to resolve the problem ?

    Thanks a lot,

    Fwed

    -------crypto 506 conf-------------
    sysopt connection permit-ipsec
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto map outside_map 30 ipsec-isakmp
    crypto map outside_map 30 match address outside_cryptomap_30
    crypto map outside_map 30 set pfs group5
    crypto map outside_map 30 set peer 2xx.xxx.xxx.xxx
    crypto map outside_map 30 set transform-set ESP-AES-256-SHA
    crypto map outside_map interface outside
    isakmp enable outside
    isakmp key ******** address 2xx.xxx.xxx.xxx netmask 255.255.255.255
    no-xauth no-config-mode
    isakmp policy 30 authentication pre-share
    isakmp policy 30 encryption aes-256
    isakmp policy 30 hash sha
    isakmp policy 30 group 5
    isakmp policy 30 lifetime 86400
    -------crypto 506 conf-------------

    -------crypto 501 conf-------------
    sysopt connection permit-ipsec
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto map outside_map 20 ipsec-isakmp
    crypto map outside_map 20 match address outside_cryptomap_20
    crypto map outside_map 20 set pfs group5
    crypto map outside_map 20 set peer 1xx.xxx.xxx.xxx
    crypto map outside_map 20 set transform-set ESP-AES-256-SHA
    crypto map outside_map interface outside
    isakmp enable outside
    isakmp key ******** address 1xx.xxx.xxx.xxx netmask 255.255.255.255
    isakmp policy 20 authentication pre-share
    isakmp policy 20 encryption aes-256
    isakmp policy 20 hash sha
    isakmp policy 20 group 5
    isakmp policy 20 lifetime 86400
    -------crypto 501 conf-------------
     
    Fwed, Aug 30, 2005
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Brian
    Replies:
    1
    Views:
    612
    Brian
    Jul 18, 2004
  2. Fwed
    Replies:
    5
    Views:
    842
  3. Silvan Jappert

    Pix 506 & 501 site-to-site VPN question.

    Silvan Jappert, May 1, 2006, in forum: Cisco
    Replies:
    4
    Views:
    3,754
    Silvan Jappert
    May 4, 2006
  4. Replies:
    3
    Views:
    2,243
  5. Jay
    Replies:
    7
    Views:
    1,004
Loading...

Share This Page