[c-nsp] vpn l2l issue - pix 506E to an asa5510

Ryan West rwest at zyedge.com
Thu Dec 24 09:03:10 EST 2009


Dalton,

> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> bounces at puck.nether.net] On Behalf Of dalton
> Sent: Thursday, December 24, 2009 6:47 AM
> 
> 
> Hi all,
> 
> I am having a strange issue trying to establish a tunnel between a pix
> 506E and an ASA5510.
> 
> sh isa sa on my pix shows tunnel status as failing at MM_KEY_EXCH
> 
> i have verified the phase 1 settings and key to be correct here,
> 
> also running the pix in debug mode, it appears the pix is passing phase
> 1.
> 
> I am natting the destination nets here, and am wondering if perhaps
> this
> is causing the issue.
> 

Have you tried entering in the passwords again on both sides?  Can you post your relevant NAT, interesting ACLs, and crypto settings?

-ryan


More information about the cisco-nsp mailing list