Changed Inside IP subnet on PIX 501, can't VPN to PIX 515
- From: "Scott Townsend" <scott-i@.-N0-SPAMplease.enm.com>
- Date: Mon, 03 Mar 2008 16:36:59 GMT
So I have a PIX 501 that I configured to use the 10.14.0.0/16 subnet.
Outside Interface is DHCP, ComCast Internet
All is well, connects, traffic passes and we are good.
I have a 1600 series router with Firewall IOS, that I configured to use the
10.11.0.0/16 subnet
Outside interface is DHCP/PPPoE, AT&T DSL Internet
All is well, connects, traffic passes and we are good.
Both are connected via preshared-keys, DefaultRAGroup.
All of the ACLs include both 10.11.0.0/16 subnet and 10.14.0.0/16 subnet
So I want to Replace the Router with the PIX.
I Disconnect the Router,
Reconfigure PIX with 10.11.0.0/16 addresses.
Reboot everything so the MAC addresses are flushed
and it won't connect.
I've turned on all the debugging on the 501 PIX and it's like it's not seeing
any Interesting traffic to initiate the VPN Link.
Doing the show cry map, I see the ACL with the Source/Dest Subnets and they
are correct, though the hitcnt is 0.
Seems like if there was an Issue on the PIX 515 side not liking the new
client on the old subnet at least I would see the connection attempt on the
PIX 501 side..
Suggestions?
Scott<-