Re: VPN site-to-site not working with PIX 501s



Hello John,

When a tunnel drops suddenly, both devices will have mismatched
states of the crypto SA and SPD.
The best way is to clear the garbage SA on both PIXes and ping.

The command to clear isa sa would be
clear crypto isakmp sa (cle cry isa sa)
and for ipsec
clear crypto ipsec sa (cle cry ipse sa)

Hope this will help
Vikas

John wrote:
I have two PIX 501s and they were connected via a vpn. All of a sudden
the circuit dropped and after rebooting both devices, I have not been
able to reestablish the VPN. I changed the PRE-SHARE key on both and
changed the transform sets, but no change. Once someone gave me a
command to reset the crypto key. I am not sure if this is what I need
to do. Does anyone know the process to do that or can you offer some
troubleshooting advice?

Thanks,

John
