Moving Config from PIX 515 to 515e

We upgraded our PIX to a 515e from a 515 and I want to copy the config to the new 515e from the 515.

I've done a write net, and a config net to get the config over and it 'looks' okay, though some things do not seem to be working.

The new PIX has the Certs from the Cert Server, though VPN does not seem to be working. How can I get the passwords that are configured for VPN (both PPTP and IPSec) to be copied from one PIX to the other?

What else should be done?

Thanks, Scott

Scott Townsend

Any hardcoded passwords you have are written into the configuration file when you "write net"; when you loaded that configuration in to the other machine, it now knows the passwords.

However, certificates are not passwords, and cannot be copied from one PIX to another. You must generate new keys and enroll the new device.

Walter Roberson
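The key generation and enrollment step described in the reply above, sketched as an added example that is not part of the original post. It uses the PIX 6.x `ca` command set; the hostname, domain, CA nickname `myca`, CA address 192.0.2.10 and challenge password are placeholders, and the `!` lines are annotations, not commands.

```text
! The key pair and certificate are tied to the device name, so set it first
hostname newpix
domain-name example.com

! Generate a fresh RSA key pair on the new 515E
ca generate rsa key 1024
show ca mypubkey rsa

! Point the PIX at the CA (nickname and address are placeholders)
ca identity myca 192.0.2.10
ca configure myca ca 1 20 crloptional

! Fetch the CA certificate, then request this device's own certificate
ca authenticate myca
ca enroll myca PLACEHOLDER-CHALLENGE

! Confirm the certificate was issued, then persist keys, certs and config
show ca certificate
ca save all
write memory
```

Without `ca save all` the keys and certificates are not written to flash and are lost on reload.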

Thanks, I guess I never really looked at the Passwords in the Config file after I saved them. You are right, they are there.

I've gone through the Steps to generate a new Cert request and obtained a new Cert for the New PIX.

The IPSec VPN gives the following error:

--------------------------------------------------------------------------
crypto_isakmp_process_block:src:192.168.1.200, dest:charlie_o spt:500 dpt:500
VPN Peer:ISAKMP: Peer Info for 192.168.1.200/500 not found - peers:0

ISAKMP: larval sa found
crypto_isakmp_process_block:src:192.168.1.200, dest:charlie_o spt:500 dpt:500
VPN Peer:ISAKMP: Peer Info for 192.168.1.200/500 not found - peers:0

ISAKMP: larval sa found
crypto_isakmp_process_block:src:192.168.1.200, dest:charlie_o spt:500 dpt:500
VPN Peer:ISAKMP: Peer Info for 192.168.1.200/500 not found - peers:0

ISAKMP: larval sa found
ISAKMP (0): deleting SA: src 192.168.1.200, dst charlie_o
ISADB: reaper checking SA 0x143aec4, conn_id = 0 DELETE IT!

VPN Peer:ISAKMP: Peer Info for 192.168.1.200/500 not found - peers:0
--------------------------------------------------------------------------

The PPTP VPN gets to the point of verifying username and password, then comes back on the client with Error 721: Computer did not respond. The PIX posted the following to the syslog:

--------------------------------------------------------------------------
%PIX-6-603105: PPTP Tunnel deleted, tunnel_id = 13, remote_peer_ip = 192.168.1.200
%PIX-6-603104: PPTP Tunnel created, tunnel_id is 13, remote_peer_ip is 192.168.1.200, ppp_virtual_interface_id is 1, client_dynamic_ip is 10.201.0.1, username is , MPPE_key_strength is None
%PIX-6-302010: 0 in use, 4 most used
%PIX-6-302014: Teardown TCP connection 8 for outside:192.168.1.200/3289 to inside:10.1.1.177/80 duration 0:02:01 bytes 0 SYN Timeout
%PIX-6-603105: PPTP Tunnel deleted, tunnel_id = 11, remote_peer_ip = 192.168.1.200
%PIX-6-603104: PPTP Tunnel created, tunnel_id is 11, remote_peer_ip is 192.168.1.200, ppp_virtual_interface_id is 1, client_dynamic_ip is 10.201.0.1, username is , MPPE_key_strength is None
%PIX-3-213001: PPTP control daemon socket io read error, errno = -2043674623
%PIX-6-603105: PPTP Tunnel deleted, tunnel_id = 12, remote_peer_ip = 192.168.1.200
%PIX-6-603104: PPTP Tunnel created, tunnel_id is 12, remote_peer_ip is 192.168.1.200, ppp_virtual_interface_id is 2, client_dynamic_ip is 10.201.0.2, username is , MPPE_key_strength is None
--------------------------------------------------------------------------

Scott Townsend
