Hi, I have a vpn between 2 pix, one 506 and one 501. My problem is the vpn fall down but we see the vpn is still alive ... If i make a "sh crypto isakmp sa", we can see that 1 tunnel was create. The configuration seems good. Someone have an idea to resolve the problem ? Thanks a lot, Fwed -------crypto 506 conf------------- sysopt connection permit-ipsec crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac crypto map outside_map 30 ipsec-isakmp crypto map outside_map 30 match address outside_cryptomap_30 crypto map outside_map 30 set pfs group5 crypto map outside_map 30 set peer 2xx.xxx.xxx.xxx crypto map outside_map 30 set transform-set ESP-AES-256-SHA crypto map outside_map interface outside isakmp enable outside isakmp key ******** address 2xx.xxx.xxx.xxx netmask 255.255.255.255 no-xauth no-config-mode isakmp policy 30 authentication pre-share isakmp policy 30 encryption aes-256 isakmp policy 30 hash sha isakmp policy 30 group 5 isakmp policy 30 lifetime 86400 -------crypto 506 conf------------- -------crypto 501 conf------------- sysopt connection permit-ipsec crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac crypto map outside_map 20 ipsec-isakmp crypto map outside_map 20 match address outside_cryptomap_20 crypto map outside_map 20 set pfs group5 crypto map outside_map 20 set peer 1xx.xxx.xxx.xxx crypto map outside_map 20 set transform-set ESP-AES-256-SHA crypto map outside_map interface outside isakmp enable outside isakmp key ******** address 1xx.xxx.xxx.xxx netmask 255.255.255.255 isakmp policy 20 authentication pre-share isakmp policy 20 encryption aes-256 isakmp policy 20 hash sha isakmp policy 20 group 5 isakmp policy 20 lifetime 86400 -------crypto 501 conf-------------
