09-14-2004 09:04 AM - edited 02-21-2020 01:20 PM
I have a VPN tunnel up between a Pix 501 (I own) and a Cisco router (owned by another company). We want a way to verify we can get to specific devices on the other side of the tunnel. Pings fail and when I do a traceroute the last hop is the router before my Pix. I see the traffic go across the tunnel, however, so I know that the routing of the networks is correct. Is there something I need to do to allow pings across this tunnel and to have the Pix respond as a hop in my traceroute?
access-list outside_cryptomap_20 permit ip 209.XX.254.0 255.255.254.0 object-group XXX
access-list outside_cryptomap_20 permit icmp any any
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 3600
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set pfs group2
crypto map outside_map 20 set peer XXX.XX.7.164
crypto map outside_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
Thanks,
Todd
09-15-2004 01:07 AM
Todd,
You should be able to ping across the tunnel so long as none of the devices are configured to drop the echo packets. Can you ping the inside interface of the PIX?
If you traceroute to an Internet site (not across the VPN) does the PIX address appear in the output?
Andy
09-15-2004 08:08 AM
The first thing to verify is whether the IPSec tunnel is up or not. You have provided a partial configuration of the PIX. Can you provide the full configuration so all the required commands can be verified? It might also be helpful to get the configuration of the remote router.
As an informational note, do verify that the traffic between the sites (over the tunnel) should not prevented from being NATTED on the PIX and the router (if NAT is in effect there).