I have a Linksys BEFSX41 behind an ADSL modem (static IP address) I want to connect to with an IPSec tunnel originating from a PIX 501 (also behind an ADSL modem but with a dynamic IP address).
The Linksys is configured to use DES/SHA for Phase 1 and 3DES/SHA for Phase
I've tried various isakmp policy encryption/hash combinations but cannot seem to get past Phase 1 negotiations.
Can one of you sharp individuals give me an idea of what is needed for configuration on the PIX to get this working?
local ident (addr/mask/prot/port): (xxx.xxx.xxx.xxx/255.255.255.0/0/0) remote ident (addr/mask/prot/port): (xxx.xxx.xxx.xxx/255.255.255.0/0/0) current_peer: Remote_Site:0 PERMIT, flags={origin_is_acl,} #pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0 #pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0 #pkts no sa (send) 32, #pkts invalid sa (rcv) 0 #pkts encaps failed (send) 0, #pkts decaps failed (rcv) 0 #pkts invalid prot (recv) 0, #pkts verify failed: 0 #pkts invalid identity (recv) 0, #pkts invalid len (rcv) 0 #pkts replay rollover (send): 0, #pkts replay rollover (rcv) 0 ##pkts replay failed (rcv): 0 #pkts internal err (send): 0, #pkts internal err (recv) 0 local crypto endpt.: xxx.xxx.xxx.xxx, remote crypto endpt.: Remote_Site path mtu 1500, ipsec overhead 0, media mtu 1500 current outbound spi: 0 inbound esp sas: inbound ah sas: inbound pcp sas: outbound esp sas: outbound ah sas: outbound pcp sas: