Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the Security Value Map? See the map and download the full report today!
Course Of The Month
2 days, 22 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Unable to establish VPN tunnel between ASA 5505 and PIX 515E
Posted on 2008-10-10
We have two offices in the same building. We have a cable run between the two offices. Security policy dictates that we encrypt the data that passes between the two offices. We have a Cisco PIX 515E in Office A and a Cisco ASA 5505 in Office B. They are directly connected with a cat5 cable.... so they're on the same subnet.
I've been unable to get a tunnel working between the two devices - all of the encryption and key exchange settings and PFS settings match - and I've tried several different combinations of DES, 3DES, AES, etc. but it makes no difference. I'm seeing nothing on the PIX when I run 'debug crypto isakmp'.
I have IPSEC rules at each end that match all ip and icmp traffic from the relevant inside networks to the remote side's inside network and visa versa.
I used the wizards to build the config.
Is it a problem that they're on the same subnet?
I've been unable to get a tunnel working between the two devices - all of the encryption and key exchange settings and PFS settings match - and I've tried several different combinations of DES, 3DES, AES, etc. but it makes no difference. I'm seeing nothing on the PIX when I run 'debug crypto isakmp'.
I have IPSEC rules at each end that match all ip and icmp traffic from the relevant inside networks to the remote side's inside network and visa versa.
I used the wizards to build the config.
Is it a problem that they're on the same subnet?
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
2
4 Comments
Check this document
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800ef796.shtml
may give you an idea what you are up against.
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800ef796.shtml
may give you an idea what you are up against.
Thanks for the link. I've done a bit of reading and I *think* the problem is down to the fact that the VPN tunnel it not going over the 'out' interface of the PIX, but a tertiary interface. I've not routed the traffic out of this interface, so it's probably attempting to go out of the 'out' interface as this is the default route.
Gonna give the routing and NAT a closer look in the morning.
Gonna give the routing and NAT a closer look in the morning.
okay, so it was routing. Basically, if the traffic doesn't flow properly before implementing the ipsec, the ipsec isn't going to establish.
Found this link quite useful:
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml
Found this link quite useful:
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance.
A concise guide to the settings required on both devices
On Feb. 28, Amazon’s Simple Storage Service (S3) went down after an employee issued the wrong command during a debugging exercise. Among those affected were big names like Netflix, Spotify and Expedia.
Both in life and business – not all partnerships are created equal.
As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’
As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses
Course of the Month2 days, 22 hours left to enroll
Earn Certification
Cisco CCNP Security: SIMOS
$197.00$177.30
Earn Certification
Cisco CCNA Security: IINS v3.0
$197.00$177.30
696 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.