05-16-2003 10:45 AM - edited 02-20-2020 10:44 PM
I have already established a VPN connection from a FreeSwan box to my PIX but the remote end can not ping or access my network.
The config is like this:
access-list 200 permit ip host x.x.x.x y.y.y.y 255.255.255.0 (hitcnt=0)
access-list 210 permit ip host x.x.x.x y.y.y.y 255.255.255.0 (hitcnt=14)
nat (inside) 0 access-list 200
Crypto Map "newmap" 20 ipsec-isakmp
Peer = yy.yy.yy.yy
access-list 210; 1 elements
access-list 210 permit ip host x.x.x.x y.y.y.y 255.255.255.0 (hitcnt=14)
Current peer: yy.yy.yy.yy
Security association lifetime: 4608000 kilobytes/28800 seconds
PFS (Y/N): N
Transform sets={ myset, }
Any ideas?
Thank you.
05-22-2003 11:46 AM
It is hard for me to tell where the problem could be. Generally, check the following:
1. Are you allowing ICMP echo and echo reply packets through the PIX?
2. Is your VPN up and running? That is, does all your transform sets match and the access-lists are mirrored at both the ends.
3. Check if the routing is working. You may check this before configuring VPN.
05-22-2003 12:36 PM
Hi,
I had to change from SHA to MD5 and everything worked fine.
Thank you.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide