Firewall Wizards mailing list archives
Re: PIX 501 to PIX 515 IPSec VPN failure, when the 515 already has a VPN
From: "Julian M. Dragut" <julianmd () gmail com>
Date: Wed, 12 Sep 2007 16:38:41 -0400
I've had the same issue with 515 and 2 X 505's running 6.4, and I had to remove the crypto map from the 515 before adding the second 505, and then re-apply it to the interface. It looks like the ACL and maps could get corrupted; therefore, before adding anything to the crypto map, I always make sure I unbind it, make the changes and then rebind it.

On 9/12/07, Jerry B. Altzman <jbaltz () altzman com> wrote:
> Hi,
>
> I wonder if any of you have encountered this problem before with PIX<->PIX VPNs.
>
> A client of mine has 3 firewalls: a Fortigate, a 515 and a 501. The 515 and FG already have an IPSec lan-to-lan VPN between them that works fine. We'd like to set up a mesh of L2L VPNs, but first steps first: we need to connect the 515 to the new 501.
>
> I've gone through the configurations, followed the directions from Cisco's website, cleared everything out and done everything *but* restarted the 515 (which is in production and might cause some consternation if it were rebooted willy-nilly).
>
> I've watched the logging output, and it doesn't seem that the 501/515 pair even attempt to do the phase 1 IPSec negotiations. It's just that NOTHING happens at all.
>
> Has anyone seen this? Any received wisdom on this? My search-engine-fu must be weak, I've not managed to tease out a solution to this from the all-seeing GoogleEye.
>
> Thanks!
>
> //jbaltz
> --
> jerry b. altzman jbaltz () altzman com www.jbaltz.com
> thank you for contributing to the heat death of the universe.
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () listserv icsalabs com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

--
Best regards,
Julian Dragut
If you knew that you wouldn't fall, how far would you have gone?