lawrencedada
asked on
Unable to bring VPN up between PIX firewall and ASA 5505
Hi guys,
Please, I am having trouble bringing up the VPN between the PIX firewall (HQ) and the 5505 remote site.
Attached is the config and also the debug crypto isakmp 127.
(config)# sh crypto isakmp sa
Active SA: 1
Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1
1 IKE Peer: SWMULBERRYPIX
Type : user Role : initiator
Rekey : no State : MM_WAIT_MSG2
(config)# sh crypto ipsec sa
There are no ipsec sas
Thanks for the anticipated response.
ASAHERONQUAY-config.txt
debug-crypto-isakmp.txt
Can we see the PIX config?
ASKER CERTIFIED SOLUTION
ASKER
Thanks Irmore,
From looking at the config, what should the other two routes point to?
Also, can you please write out the access list to permit traffic from the inside network to the LIB_DMZ subnet in the inside_access_out?
Thanks for the help.
ASKER
Hi Irmoore,
I have taken out those two routes and changed the default route to the internet-facing router as the next hop, and it works straight away.
All the PCs are working.
The last question I would like to ask you is: is there any adverse effect in taking out those two routes?
Once again, thanks for your advice.
You simply do not need the other two routes as long as everything goes out the default anyway.
ASKER
Thanks for your help.