problem with ipsec tunnel passing thru cisco 2500, and 1721 routers

[mech3]

Hello all i'm new to the forum, and have a problem that has really got me stumped. I have a client that shares part of our companies t-1 that is routed from our main 2500 router to a secondary 2500 router, then routed to a cisco 1721 router. They successfully function with no issues but they now have a new branch that I am setting up a ipsec tunnel to between two pix 506e firewalls. The problem is the tunnel will not communicate and doesnt even try to negotiate the ike policy. The new remote site has its own seperate t-1 and i can successfuly create a tunnel to that office from any other location so I know the problematic site is the office that shares out t-1. Could it be too many relays for the ike key to negotiate? I am ok wwith cisco routers, but very proficiant with pix firewalls. Is there some type of ipsec pass-thru that needs to be enabled? Thanks for any help, and I can provide configs if needed

 

[leedsit]

Hi,

Are you sure there are no firewalls / Access Lists in your VPN Path that block UDP500, Ip50 and IP51? ( AH/ISAKMP & ESP )

Lee

LEEroy
MCNE6,CCNA2,CWNA, Project+, CCSA