Firewall Wizards mailing list archives

PIX 501 to PIX 515 IPSec VPN failure, when the 515 already has a VPN


From: "Jerry B. Altzman" <jbaltz () altzman com>
Date: Wed, 12 Sep 2007 10:54:36 -0400

Hi,

I wonder if any of you have encountered this problem before with 
PIX<->PIX VPNs.

A client of mine has 3 firewalls: a Fortigate, a 515 and a 501. The 515 
and FG already have an IPSec lan-to-lan VPN between them that works fine.

We'd like to set up a mesh of L2L VPNs, but first steps first: we need 
to connect the 515 to the new 501.

I've gone through the configurations, followed the directions from 
Cisco's website, cleared everything out and done everything *but* 
restarted the 515 (which is in production and might cause some 
consternation if it were rebooted willy-nilly).

I've watched the logging output, and it doesn't seem that the 501/515 
pair even attempt to do the phase 1 IPSec negotiations. It's just that 
NOTHING happens at all.

Has anyone seen this? Any received wisdom on this? My search-engine-fu 
must be weak, I've not managed to tease out a solution to this from the 
all-seeing GoogleEye.

Thanks!

//jbaltz
-- 
jerry b. altzman        jbaltz () altzman com     www.jbaltz.com
thank you for contributing to the heat death of the universe.