Re: VPN problem from Pix to VPN concentrator 3030 [7:46343]
I don't have both the isakmp statements in my PIX, why do I need it on both interfaces when the crypto map is on only the outside? Also I have two other PIX working OK with the only the one statement Cheers Pat -- email me on : [EMAIL PROTECTED] Brunner Joseph wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... on the 3030 make sure you are manually specifying lan to lan (Local Network and Remote Network) using USE IP ADDRESS/WILDCARD MASK BELOW). While you normally don't have to do this (you can autodiscover) Just do it to test if this is the problem. Also make sure you have both isakmp enable outside isakmp enable inside yes i mean both. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46440t=46343 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
VPN problem from Pix to VPN concentrator 3030 [7:46343]
I have a problem with a ipsec tunnel across the internet from a PIX to a 3030 vpn concentrator. The tunnel occasionally stops routing IP traffic and then starts again without any intervention from anyone. The tunnel is still up when I check both the 3030 and the pix but no IP traffic is sent across the link. I've checked the logs on the 3030 and see the following message : Mismatch: Configured LAN-to-LAN proposal differs from negotiated proposal. Verify local and remote LAN-to-LAN connection lists. I see this message when the tunnel is re-connected and traffic is or is not routed, but it looks like it should be corrected. Any ideas?? Cheers Pat -- email me on : [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46343t=46343 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: VPN problem from Pix to VPN concentrator 3030 [7:46343]
on the 3030 make sure you are manually specifying lan to lan (Local Network and Remote Network) using USE IP ADDRESS/WILDCARD MASK BELOW). While you normally don't have to do this (you can autodiscover) Just do it to test if this is the problem. Also make sure you have both isakmp enable outside isakmp enable inside yes i mean both. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46347t=46343 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]