I am trying to setup a site to site VPN between a PIX running 6.2.1 and Symantec Firewall 7.0. It is not making it past IKE and just keeps looping the IKE phase. It matches a policy and then loops over again. In the "show crypto isakmp sa" output, I get hundreds of "QM_IDLE" and every few seconds a "MM_KEY_EXCH" or other similar output. Everything matches on each end and I even intentionally made the preshared key wrong on my end and then it stops looping the policy matching but of course never makes it past IKE. For "show crypto isakmp sa", the "QM_IDLE" stops and I get one or two "MM_KEY_EXCH".
Has anyone successfully made this connection and is there anything to be on the look out for? I've been working with Cisco but they don't see anything wrong. They thought since in the "show crypto isakmp sa" output there was a "MM_KEY_EXCH" the keys were wrong but after reentering the key on both ends, still doesn't work. As mentioned before, if I do make them different, I all the "QM_IDLE" stops. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65369&t=65369 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]