VPN site-to-site not working with PIX 501s

Discussion in 'Cisco' started by John, May 31, 2006.

  1. John

    John Guest

    I have two PIX 501s and they were connected via a vpn. All of a sudden
    the circuit dropped and after rebooting both devices, I ahve not been
    able to reestablish the VPN. I changed the PRE-SHARE key on both and
    changed the transform sets, but no change. Once someone gave me a
    command to reset the crypto key. I am not sure if this is what I need
    to do. Does anyone know the process to do that or can you offer some
    troubleshooting advice?

    Thanks,

    John
     
    John, May 31, 2006
    #1

    1. Advertisements

  2. John

    Vikas Guest

    Hello John,

    When a tunnel drops suddenly both the device will have mismatched
    states of the crypto SA and SPD.
    The best way is to clear the garbage SA in both the PIX and ping.

    The command to clear isa sa would be
    clear crypto isakmp sa (cle cry isa sa)
    and for ipsec
    clear crypto ipsec sa (cle cry ipse sa)

    Hope this will help
    Vikas
     
    Vikas, May 31, 2006
    #2

    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.
Similar Threads

  1. VPN Site-to-Site with PIX 506 and PIX 515UR (6.3.1). How ?

  2. site-to-site VPN router to PIX VPN

  3. PIX - Site-to-Site VPN and VPN Client access

  4. PIX-to-PIX vpn + remote Access VPN not working

  5. Should I buy Cisco Pix 501 and a 605 E, or two 501s? Do I really need SmartNet Service?

  6. Troubleshooting site-to-site VPN with two PIX 501s

  7. File sharing across 2 PIX 501s with NAT

  8. VPN site to site & Remote access VPN ( vpn client) over the same interface

Loading...