Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Unable to establish VPN tunnel between ASA 5505 and PIX 515E

Posted on 2008-10-10
4
567 Views
Last Modified: 2011-09-20
We have two offices in the same building. We have a cable run between the two offices. Security policy dictates that we encrypt the data that passes between the two offices. We have a Cisco PIX 515E in Office A and a Cisco ASA 5505 in Office B. They are directly connected with a cat5 cable.... so they're on the same subnet.

I've been unable to get a tunnel working between the two devices - all of the encryption and key exchange settings and PFS settings match - and I've tried several different combinations of DES, 3DES, AES, etc. but it makes no difference. I'm seeing nothing on the PIX when I run 'debug crypto isakmp'.

I have IPSEC rules at each end that match all ip and icmp traffic from the relevant inside networks to the remote side's inside network and visa versa.

I used the wizards to build the config.

Is it a problem that they're on the same subnet?
0
Comment
Question by:tlcsupport
  • 2
4 Comments
 
LVL 2

Expert Comment

by:scottbortis
ID: 22689281
Check this document
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800ef796.shtml

may give you an idea what you are up against.
0
 
LVL 1

Author Comment

by:tlcsupport
ID: 22689865
Thanks for the link. I've done a bit of reading and I *think* the problem is down to the fact that the VPN tunnel it not going over the 'out' interface of the PIX, but a tertiary interface. I've not routed the traffic out of this interface, so it's probably attempting to go out of the 'out' interface as this is the default route.

Gonna give the routing and NAT a closer look in the morning.
0
 
LVL 28

Expert Comment

by:batry_boy
ID: 22690128
Post your configs and let's have a look...
0
 
LVL 1

Accepted Solution

by:
tlcsupport earned 0 total points
ID: 22694950
okay, so it was routing. Basically, if the traffic doesn't flow properly before implementing the ipsec, the ipsec isn't going to establish.

Found this link quite useful:

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco Trunk question 4 30
IPSec Site to Site VPN Topology 6 43
Updating Group Policy over a PPTP VPN 21 33
cisco asa proxy arp 2 15
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question