topic Concentrator/multiple PIXes in Network Security https://community.cisco.com/t5/network-security/concentrator-multiple-pixes/m-p/408954#M529817 <P>Two networks behind a concentrator, 10.10.10.x and 192.168.96.x. The Pix is on the 192, and a router with NAT disabled (transparent) routes to the 10.10. Multiple PIX 501s are all in the 192.168.97.x to 192.168.125.x range, no overlaps. Traffic comes in to the concentrator, and to the 192 side, but not to the 10 side, and no traffic back out. Pulling our hair out here. Any help appreciated. Configs will follow if you think you have an idea, or experience in this.</P> Fri, 21 Feb 2020 08:34:37 GMT jreusch 2020-02-21T08:34:37Z Concentrator/multiple PIXes https://community.cisco.com/t5/network-security/concentrator-multiple-pixes/m-p/408954#M529817 <P>Two networks behind a concentrator, 10.10.10.x and 192.168.96.x. The Pix is on the 192, and a router with NAT disabled (transparent) routes to the 10.10. Multiple PIX 501s are all in the 192.168.97.x to 192.168.125.x range, no overlaps. Traffic comes in to the concentrator, and to the 192 side, but not to the 10 side, and no traffic back out. Pulling our hair out here. Any help appreciated. Configs will follow if you think you have an idea, or experience in this.</P> Fri, 21 Feb 2020 08:34:37 GMT https://community.cisco.com/t5/network-security/concentrator-multiple-pixes/m-p/408954#M529817 jreusch 2020-02-21T08:34:37Z Re: Concentrator/multiple PIXes https://community.cisco.com/t5/network-security/concentrator-multiple-pixes/m-p/408955#M529822 <HTML><HEAD></HEAD><BODY><P>1. on the main office pix, verify whether there is a route pointing to the router for net 10.x.</P><P></P><P>2. on the router, verify whether the default route is set to the pix interface; or routes pointing to the pix for remote nets.</P><P></P><P>3. verify the no-nat and crypto acl on concentrator and remote pixes.</P><P>e.g. on the remote pix,</P><P>access-list no_nat permit ip <REMOTE net=""> <REMOTE net="" mask=""> 192.168.96.0 255.255.255.0</REMOTE></REMOTE></P><P>access-list no_nat permit ip <REMOTE net=""> <REMOTE net="" mask=""> 10.10.10.0 255.255.255.0</REMOTE></REMOTE></P><P>access-list l2lvpn permit ip <REMOTE net=""> <REMOTE net="" mask=""> 192.168.96.0 255.255.255.0</REMOTE></REMOTE></P><P>access-list l2lvpn permit ip <REMOTE net=""> <REMOTE net="" mask=""> 10.10.10.0 255.255.255.0</REMOTE></REMOTE></P></BODY></HTML> Wed, 07 Dec 2005 02:54:06 GMT https://community.cisco.com/t5/network-security/concentrator-multiple-pixes/m-p/408955#M529822 jackko 2005-12-07T02:54:06Z