I am upgrading a Pix 515E to 7.2 from 6.3. I converted the config and it loads without error. But I am having issues with the VPN tunnel. The Pix 515E connects to several Pix 501 (6.3 still) over a IPSec tunnel.
The issue with the new 7.2 is that only a ping will bring up the VPN tunnel. If I attempt to connect over SSH, HTTP, or any other method, I just get the error below.
IKE Initiator unable to find policy: Intf 1, Src: 172.16.100.1, Dst:
172.20.113.20Here are the good lines.
access-list 113_ipsec permit ip 172.30.0.0 255.255.0.0 172.20.113.0
255.255.255.0access-list 113_ipsec permit ip 172.16.100.0 255.255.255.0 172.20.113.0
255.255.255.0crypto map ToStore 113 ipsec-isakmp
crypto map ToStore 113 match address 113_ipsec
crypto map ToStore 113 set peer store113ip
crypto map ToStore 113 set transform-set strong
If I am at host 172.20.113.20, and I try to ssh to host 172.16.100.1, it will time out and I will see the IKE error on the pix. If I ping from host 172.20.113.20 to host, 172.16.100.1, after a second, the connection will work. At that point on, I can ssh in and do everything else like normal. Until something times out in an hour and the tunnel drops. At that point, I have to ping again.
This is the same crypto map I used in 6.3 and it did not have this problem. What is going on?
Thanks for any help.
-Porch