Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 292
  • Last Modified:

LAN-to-LAN between PIX-515 and PIX-5252 --Urgent Help Required

Hi

I have setup LAN-LAN  tunne lbetween PIX-525 and PIX-515.The host 219..47.190.93/32  is behind PIX-525 and 912.168.243.0/24 is behind PIX-515.I cannot see the tunnel coming up .Also,I do" sh cry isakmp sa" nothing shows up.
 The configurations are attached.

Thanks in Advance
23508793-ee-PIX-525.txt
0
alimohammed72
Asked:
alimohammed72
1 Solution
 
lrmooreCommented:
>crypto map outside_map 100 set transform-set ESP-3DES-SHA
You need an isakmp policy on each side that matches the transform-set
Example:

crypto isakmp policy 15
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
0
 
AugustTenCommented:
No you do not need an isakmp policy that match the transform set. They are independent and used in different phases of the negotiation.

But the ACL associated with the crypto map does not match, you specify a host on one side and a network on the other.

If this does not help, run "debug crypto isakmp" and "debug crypto ipsec" and attach the output here.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Turn Raw Data into a Real Career

There’s a growing demand for qualified analysts who can make sense of Big Data. With an MS in Data Analytics, you can become the data mining, management, mapping, and munging expert that today’s leading corporations desperately need.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now