Solved

LAN-to-LAN between PIX-515 and PIX-5252 --Urgent Help Required

Posted on 2008-06-23
2
279 Views
Last Modified: 2013-11-16
Hi

I have setup LAN-LAN  tunne lbetween PIX-525 and PIX-515.The host 219..47.190.93/32  is behind PIX-525 and 912.168.243.0/24 is behind PIX-515.I cannot see the tunnel coming up .Also,I do" sh cry isakmp sa" nothing shows up.
 The configurations are attached.

Thanks in Advance
23508793-ee-PIX-525.txt
0
Comment
Question by:alimohammed72
2 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 21854829
>crypto map outside_map 100 set transform-set ESP-3DES-SHA
You need an isakmp policy on each side that matches the transform-set
Example:

crypto isakmp policy 15
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
0
 
LVL 3

Accepted Solution

by:
AugustTen earned 500 total points
ID: 21854949
No you do not need an isakmp policy that match the transform set. They are independent and used in different phases of the negotiation.

But the ACL associated with the crypto map does not match, you specify a host on one side and a network on the other.

If this does not help, run "debug crypto isakmp" and "debug crypto ipsec" and attach the output here.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Getting locked out and can't access Cisco via the web 18 66
Help with ASA config smtp traffic 10 39
Cisco Router / Switch - NAT 10 43
ISP Change 14 51
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question