01-08-2008 02:42 AM - edited 03-11-2019 04:44 AM
Hi,
I have two Cisco PIX 501s (PIX1 and PIX2) providing a LAN-to-LAN IPSec VPN between two sites (SITE1 and SITE2). PIX1 is at SITE1 and PIX2 is at SITE2.
If I ping a device on the LAN at SITE1 from a device on the LAN at SITE2, the VPN tunnel comes up fine. Once the tunnel is up I can also ping a device on the LAN at SITE2 from a device on the LAN at SITE1. However, if the tunnel is down and I ping a device on the LAN at SITE2 from a device on the LAN at SITE1, the VPN tunnel does not come up. I'm sure I've got all routing/static routes set up correctly.
Would appreciate some pointers.
01-08-2008 07:00 AM
Hi,
When you ping a device on the LAN at site 2 from a device on the LAN at site 1, the VPN tunnel doesn't come up...
Is traffic from LAN (site1) to LAN (site2) "interesting traffic"?
This is a good reference: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9950.shtml
Check your configuration.
I hope this helps.
Best regards.
Massimiliano.
01-08-2008 08:35 AM
Hi,
I should have mentioned: the PIXes in question are running 6.3 and the private IP networks at each office are different (192.168.1.0/24 at SITE1 and 192.168.9.0/24 at SITE2).
On this basis I'm not sure that the supplied link is specifically relevant? One other thing: I DID use the PDM VPN wizard to configure both PIXes, so I would expect this to have put the correct configuration in place? I can post the configs if it would help.
Thanks,
Dave.
01-08-2008 11:00 AM
Hi Dave,
Here is the link for configuring a site-to-site VPN with PDM: http://www.cisco.com/en/US/docs/security/pix/pix63/quick/guide/63_515qk.html#wp48080
Here is the link with some configuration examples of site-to-site VPN: http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/sit2site.html. If you use a pre-shared key to establish a tunnel, view the section "Establishing a Tunnel Using a Pre-Shared Key", and then see the configuration file on both firewalls.
I hope this helps.
Best regards.
Massimiliano.
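The "interesting traffic" question raised above can be checked mechanically: on a PIX, only packets matching the ACL bound by `crypto map ... match address` trigger tunnel negotiation from that side. The following is an added example, not code or configuration from any poster in this thread; the config fragments are constructed in PIX 6.3 syntax using the networks Dave gives, and the ACL name `101` and crypto map name `mymap` are hypothetical.

```python
import ipaddress
import re

# Constructed PIX 6.3-style fragments, not the poster's configs.
# ACL name "101" and crypto map name "mymap" are hypothetical.
PIX1 = """
access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.9.0 255.255.255.0
crypto map mymap 10 match address 101
"""
PIX2 = """
access-list 101 permit ip 192.168.9.0 255.255.255.0 192.168.1.0 255.255.255.0
crypto map mymap 10 match address 101
"""
# Same as PIX1 but with a wrong source network in the crypto ACL.
PIX1_BROKEN = PIX1.replace("192.168.1.0 255", "192.168.2.0 255")

def crypto_acl(config):
    """Return [(src_net, dst_net)] for ACLs bound by 'crypto map ... match address'.

    Handles only the 'permit ip <net> <mask> <net> <mask>' form.
    """
    names = set(re.findall(r"^crypto map \S+ \d+ match address (\S+)", config, re.M))
    pairs = []
    for name, s, sm, d, dm in re.findall(
            r"^access-list (\S+) permit ip (\S+) (\S+) (\S+) (\S+)", config, re.M):
        if name in names:
            pairs.append((ipaddress.ip_network(f"{s}/{sm}"),
                          ipaddress.ip_network(f"{d}/{dm}")))
    return pairs

def is_interesting(config, src, dst):
    """True if a packet src -> dst matches the crypto ACL, so it can trigger the tunnel."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(src in s and dst in d for s, d in crypto_acl(config))

def mirrored(config_a, config_b):
    """True if each peer's crypto ACL is the exact reverse of the other's."""
    return set(crypto_acl(config_a)) == {(d, s) for s, d in crypto_acl(config_b)}

if __name__ == "__main__":
    for label, cfg in (("PIX1", PIX1), ("PIX1_BROKEN", PIX1_BROKEN)):
        print(label,
              "initiates:", is_interesting(cfg, "192.168.1.10", "192.168.9.10"),
              "mirrors PIX2:", mirrored(cfg, PIX2))
```

To use it on real devices, replace the constructed strings with the relevant lines from `show running-config` on each PIX.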
01-10-2008 05:20 AM
I have a doubt because I need to put two PIXes in my network, one for traffic control and another for the VPN (IPsec). My problem is that I have the same configuration on both PIXes and I want to comment out or disable IPsec on one PIX, so that when the other PIX fails or is down, I can bring up IPsec on the other one and everything keeps working. So my question is: how can I disable IPsec, and then enable it if I have problems with the other PIX? Or what is the best idea for this situation?
I have two PIX 501s; I hope that you can help me.
Thanks.