Solved

VPN Help.

Posted on 2006-11-17
8
264 Views
Last Modified: 2013-11-16
I am working on building a site to site vpn between a pix 506 and a cisco vpn box however am having some trouble getting the tunnel setup. What are some troubleshooting tips?
0
Comment
Question by:af500
  • 3
  • 2
8 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 17971929
Make sure that both ends match:
Start with output of "show cry is sa" - look for QM_IDLE
MM_NO_STATE is problems with ISAKMP phase I
   check pre-shared keys
   check peer IP address
   check transform sets match, ie. 3des/md5/group 2
   check timeouts match
   enable/disable keepalive both sides

"show cry ip sa" look for error packets, one-way communications (decrypts but no encrypts, or encrypts but no decrypts)  
Access-lists to define the VPN traffic (local lan) - (remote lans) are mirror images both sides
0
 
LVL 4

Author Comment

by:af500
ID: 17982986
double-checked all ipsec & isakmp paramaters...

show cry ip sa - I'm not seeing any traffic...

my network is 192.168.1.xxx however the IP range I have to use is 192.168.10.xxx - something else on the pix need to be changed?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 18107902
Are you still working on this? Have you found a solution?
Sorry about not getting back around to this Q . .
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 4

Author Comment

by:af500
ID: 18230196
I ended up having to upgrade the IOS to the latest to resolve this.
0
 
LVL 4

Author Comment

by:af500
ID: 18230354
thanks
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 18256712
PAQed with points refunded (90)

Computer101
EE Admin
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

912 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now