This is a discussion on Re: [fw-wiz] PIX 501 to PIX 515 IPSec VPN failure, - Firewalls ; I've had the same issue with 515 and 2 X 505's running 6.4, and I had to remove the crypto map from the 515 before adding the second 505, and then re-apply it to the interface. It looks like the ...
I've had the same issue with 515 and 2 X 505's running 6.4, and I had
to remove the crypto map from the 515 before adding the second 505,
and then re-apply it to the interface.
It looks like the ACL and maps could get corrupted, therefore, before
adding anything to the crypto map, I always make sure I unbind it,
make the changes and then rebind it.
On 9/12/07, Jerry B. Altzman
> I wonder if any of you have encountered this problem before with
> PIX<->PIX VPNs.
> A client of mine has 3 firewalls: a Fortigate, a 515 and a 501. The 515
> and FG already have an IPSec lan-to-lan VPN between them that works fine.
> We'd like to set up a mesh of L2L VPNs, but first steps first: we need
> to connect the 515 to the new 501.
> I've gone through the configurations, followed the directions from
> cisco's website, cleared everything out and done everything *but*
> restarted the 515 (which is in production and might cause some
> consternation if it were rebooted willy-nilly)
> I've watched the logging output, and it doesn't seem that the 501/515
> pair even attempt to do the phase 1 IPSec negotiations. It's just that
> NOTHING happens at all.
> Has anyone seen this? Any received wisdom on this? My search-engine-fu
> must be weak, I've not managed to tease out a solution to this from the
> all-seeing GoogleEye.
> jerry b. altzman email@example.com www.jbaltz.com
> thank you for contributing to the heat death of the universe.
> firewall-wizards mailing list
If you knew that you wouldn't fall, how far would you have gone?
firewall-wizards mailing list