brianunc
asked on
Creating a site-to-site VPN with PIX 501 and ASA 5505
I'm trying to create a VPN between a PIX 501 and the ASA 5505...relevant config below for the PIX...when I try to create a matching config on the ASA side, I get a message that says "Ignoring msg to mark SA with specified coordinates <outside_map, 20> dead". I've redone this on the ASA side 10 times today both by hand and by ADSM, and keep getting the same message. Can someone help me with the correct VPN config for the ASA? Thanks!
PIX:
isakmp policy 11 authentication pre-share
isakmp policy 11 encryption des
isakmp policy 11 hash md5
isakmp policy 11 group 1
isakmp policy 11 lifetime 86400
crypto ipsec transform-set rackset2 esp-des esp-md5-hmac
crypto map rackmap 200 ipsec-isakmp
crypto map rackmap 200 match address 200
crypto map rackmap 200 set peer <peer>
crypto map rackmap 200 set transform-set rackset2
access-list nonat permit ip 192.168.10.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list 200 permit ip 192.168.10.0 255.255.255.0 192.168.1.0 255.255.255.0
isakmp key <key> address <peer> netmask 255.255.255.255 no-xauth no-config-mode \
PIX:
isakmp policy 11 authentication pre-share
isakmp policy 11 encryption des
isakmp policy 11 hash md5
isakmp policy 11 group 1
isakmp policy 11 lifetime 86400
crypto ipsec transform-set rackset2 esp-des esp-md5-hmac
crypto map rackmap 200 ipsec-isakmp
crypto map rackmap 200 match address 200
crypto map rackmap 200 set peer <peer>
crypto map rackmap 200 set transform-set rackset2
access-list nonat permit ip 192.168.10.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list 200 permit ip 192.168.10.0 255.255.255.0 192.168.1.0 255.255.255.0
isakmp key <key> address <peer> netmask 255.255.255.255 no-xauth no-config-mode \
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER