I've had the same issue with 515 and 2 X 505's running 6.4, and I had
to remove the crypto map from the 515 before adding the second 505,
and then re-apply it to the interface.

It looks like the ACL and maps could get corrupted, therefore, before
adding anything to the crypto map, I always make sure I unbind it,
make the changes and then rebind it.

On 9/12/07, Jerry B. Altzman wrote:
> Hi,
>
> I wonder if any of you have encountered this problem before with
> PIX<->PIX VPNs.
>
> A client of mine has 3 firewalls: a Fortigate, a 515 and a 501. The 515
> and FG already have an IPSec lan-to-lan VPN between them that works fine.
>
> We'd like to set up a mesh of L2L VPNs, but first steps first: we need
> to connect the 515 to the new 501.
>
> I've gone through the configurations, followed the directions from
> cisco's website, cleared everything out and done everything *but*
> restarted the 515 (which is in production and might cause some
> consternation if it were rebooted willy-nilly)
>
> I've watched the logging output, and it doesn't seem that the 501/515
> pair even attempt to do the phase 1 IPSec negotiations. It's just that
> NOTHING happens at all.
>
> Has anyone seen this? Any received wisdom on this? My search-engine-fu
> must be weak, I've not managed to tease out a solution to this from the
> all-seeing GoogleEye.
>
> Thanks!
>
> //jbaltz
> --
> jerry b. altzman jbaltz@altzman.com www.jbaltz.com
> thank you for contributing to the heat death of the universe.
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailma...rewall-wizards
>




--
Best regards,


Julian Dragut
If you knew that you wouldn't fall, how far would you have gone?
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards