Hi,
I have a vpn between 2 pix, one 506 and one 501.
My problem is the vpn go down but we see the vpn is still up ...
If i make a "sh crypto isakmp sa", we can see that 1 tunnel was create but I can't ping the other side. If a make a "ping inside 192.168.x.x", the connection go up ...
The configuration seems good.
Someone have an idea to resolve the problem ?
Thanks a lot,
Fwed
-------crypto 506 conf------------- sysopt connection permit-ipsec crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac crypto map outside_map 30 ipsec-isakmp crypto map outside_map 30 match address outside_cryptomap_30 crypto map outside_map 30 set pfs group5 crypto map outside_map 30 set peer 2xx.xxx.xxx.xxx crypto map outside_map 30 set transform-set ESP-AES-256-SHA crypto map outside_map interface outside isakmp enable outside isakmp key ******** address 2xx.xxx.xxx.xxx netmask 255.255.255.255 no-xauth no-config-mode isakmp policy 30 authentication pre-share isakmp policy 30 encryption aes-256 isakmp policy 30 hash sha isakmp policy 30 group 5 isakmp policy 30 lifetime 86400
-------crypto 506 conf-------------
-------crypto 501 conf------------- sysopt connection permit-ipsec crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac crypto map outside_map 20 ipsec-isakmp crypto map outside_map 20 match address outside_cryptomap_20 crypto map outside_map 20 set pfs group5 crypto map outside_map 20 set peer 1xx.xxx.xxx.xxx crypto map outside_map 20 set transform-set ESP-AES-256-SHA crypto map outside_map interface outside isakmp enable outside isakmp key ******** address 1xx.xxx.xxx.xxx netmask 255.255.255.255 isakmp policy 20 authentication pre-share isakmp policy 20 encryption aes-256 isakmp policy 20 hash sha isakmp policy 20 group 5 isakmp policy 20 lifetime 86400
-------crypto 501 conf-------------