I have been having a tough time setting up 3 PIX devices so that all 3 have 2 tunnels to the other 2. I can only get one to keep both tunnels open, making a chain instead of a fully connected triangle. When I managed to bring up the 2nd tunnel on another, it broke the 1st tunnel, leaving me in the same situation. The config for all 3 is nearly identical, so variations in behavior are especially perplexing. 2 are using 6.3(5) and 1 on 6.3(3). Any suggestions would be appreciated.
access-list 100 permit ip 192.168.1.0 255.255.255.0 192.168.11.0 255.255.255.0
access-list 100 permit ip 192.168.1.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list 100 permit ip 192.168.1.0 255.255.255.0 172.17.2.0 255.255.255.0
access-list 110 permit ip 192.168.1.0 255.255.255.0 172.17.2.0 255.255.255.0
access-list 120 permit ip 192.168.1.0 255.255.255.0 192.168.11.0 255.255.255.0
nat (inside) 0 access-list 100
sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto dynamic-map dynmap 30 set transform-set myset
crypto map newmap 1 ipsec-isakmp
crypto map newmap 1 match address 120
crypto map newmap 1 set peer [office1]
crypto map newmap 1 set transform-set myset
crypto map newmap 10 ipsec-isakmp
crypto map newmap 10 match address 110
crypto map newmap 10 set peer [office2]
crypto map newmap 10 set transform-set myset
crypto map newmap 20 ipsec-isakmp dynamic dynmap
crypto map newmap interface outside
isakmp enable outside
isakmp key ******** address [office1] netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address [office2] netmask 255.255.255.255 no-xauth no-config-mode
isakmp identity address
isakmp nat-traversal 3600
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash md5
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400