Solved

VPN Help.

Posted on 2006-11-17
8
288 Views
Last Modified: 2013-11-16
I am working on building a site to site vpn between a pix 506 and a cisco vpn box however am having some trouble getting the tunnel setup. What are some troubleshooting tips?
0
Comment
Question by:af500
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
8 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 17971929
Make sure that both ends match:
Start with output of "show cry is sa" - look for QM_IDLE
MM_NO_STATE is problems with ISAKMP phase I
   check pre-shared keys
   check peer IP address
   check transform sets match, ie. 3des/md5/group 2
   check timeouts match
   enable/disable keepalive both sides

"show cry ip sa" look for error packets, one-way communications (decrypts but no encrypts, or encrypts but no decrypts)  
Access-lists to define the VPN traffic (local lan) - (remote lans) are mirror images both sides
0
 
LVL 4

Author Comment

by:af500
ID: 17982986
double-checked all ipsec & isakmp paramaters...

show cry ip sa - I'm not seeing any traffic...

my network is 192.168.1.xxx however the IP range I have to use is 192.168.10.xxx - something else on the pix need to be changed?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 18107902
Are you still working on this? Have you found a solution?
Sorry about not getting back around to this Q . .
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 
LVL 4

Author Comment

by:af500
ID: 18230196
I ended up having to upgrade the IOS to the latest to resolve this.
0
 
LVL 4

Author Comment

by:af500
ID: 18230354
thanks
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 18256712
PAQed with points refunded (90)

Computer101
EE Admin
0

Featured Post

Retailers - Is your network secure?

With the prevalence of social media & networking tools, for retailers, reputation is critical. Have you considered the impact your network security could have in your customer's experience? Learn more in our Retail Security Resource Kit Today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question