<div>
Thanks, turns out it was a routing issue instead of a VPN configuration issue.
</div>


Thanks, turns out it was a routing issue instead of a VPN configuration issue.

<div>
<div class="content wysiwyg-content">
I'm trying to create a VPN between a PIX 501 and the ASA 5505...relevant config below for the PIX...when I try to create a matching config on the ASA side, I get a message that says &quot;Ignoring msg to mark SA with specified coordinates &lt;outside_map, 20&gt; dead&quot;. &nbsp; I've redone this on the ASA side 10 times today both by hand and by ADSM, and keep getting the same message. &nbsp;Can someone help me with the correct VPN config for the ASA? &nbsp;Thanks!<br />
<br />
PIX:<br />
isakmp policy 11 authentication pre-share<br />
isakmp policy 11 encryption des<br />
isakmp policy 11 hash md5<br />
isakmp policy 11 group 1<br />
isakmp policy 11 lifetime 86400<br />
crypto ipsec transform-set rackset2 esp-des esp-md5-hmac<br />
crypto map rackmap 200 ipsec-isakmp<br />
crypto map rackmap 200 match address 200<br />
crypto map rackmap 200 set peer &lt;peer&gt;<br />
crypto map rackmap 200 set transform-set rackset2<br />
access-list nonat permit ip 192.168.10.0 255.255.255.0 192.168.1.0 255.255.255.0 <br />
access-list 200 permit ip 192.168.10.0 255.255.255.0 192.168.1.0 255.255.255.0 <br />
isakmp key &lt;key&gt; address &lt;peer&gt; netmask 255.255.255.255 no-xauth no-config-mode \
</div>
</div>


I'm trying to create a VPN between a PIX 501 and the ASA 5505...relevant config below for the PIX...when I try to create a matching config on the ASA side, I get a message that says "Ignoring msg to mark SA with specified coordinates <outside_map, 20> dead".   I've redone this on the ASA side 10 times today both by hand and by ADSM, and keep getting the same message.  Can someone help me with the correct VPN config for the ASA?  Thanks!

PIX:
isakmp policy 11 authentication pre-share
isakmp policy 11 encryption des
isakmp policy 11 hash md5
isakmp policy 11 group 1
isakmp policy 11 lifetime 86400
crypto ipsec transform-set rackset2 esp-des esp-md5-hmac
crypto map rackmap 200 ipsec-isakmp
crypto map rackmap 200 match address 200
crypto map rackmap 200 set peer <peer>
crypto map rackmap 200 set transform-set rackset2
access-list nonat permit ip 192.168.10.0 255.255.255.0 192.168.1.0 255.255.255.0 
access-list 200 permit ip 192.168.10.0 255.255.255.0 192.168.1.0 255.255.255.0 
isakmp key <key> address <peer> netmask 255.255.255.255 no-xauth no-config-mode \

Creating a site-to-site VPN with PIX 501 and ASA 5505

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Cisco

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.