Tunnels up, no esp sas

Pix 515e and 501. v6

Already have multiple tunnels between the 515 and other 501s. Seems like every time I add a new one it gives me trouble.

Last one I added, isakmp phases complete fine, ipsec appears to go ok, tunnel comes up, but no outbound or inbound esp sa's are shown.

What are some typical causes for that? I'm not sure -where- in the config to start looking and need some suggestions.

Thanks.

ssrjazz

Hi,

The problem is that if you make any changes in the crypto config, you have to clear the ipsec sa's for the new settings to create an ipsec sa. So each time you add a new crypto peer, just remove the crypto map from the outside interface and then reapply it, or you can use the command clear ipsec sa to clear the sa's so that the new settings take effect. Mind you, any of the steps you do will tear down the existing phase 2 sa's.

Regards, Rave

