Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
542
Views
0
Helpful
3
Replies

Pix501 to VPN3030 troubles

Go to solution
avmabe
Level 3
Level 3

‎08-22-2006 09:32 AM - edited ‎03-09-2019 03:58 PM

Hello,

I have successfully created a L2L IPSEC tunnel between a PIX501 and a VPN3030. The problem I have is I can only send traffic from the 501 --> 3030, the 3030 does not transmit any packets back across the tunnel. I have played around with many static route configurations with no luck.

I have a continous ping going from 192.168.1.4 going to 10.101.101.1 and the ip acl on the PIX is incrementing and the recieved counters are incrementing on the 3030, but no replies!!!

192.168.1.0/24

|

|

|

PIX

|

|

|

69.14.28.x(pix outside addr)

|

|

|

Interweb

|

|

|

12.109.17.x (3030 public)

|

|

|

3030

|

|

|

10.101.101.0/24(Private)

Routes on the 3030 are as follows:

0.0.0.0/0.0.0.0 12.109.17.x (default)

10.101.101.0/255.255.0.0 10.101.101.1 static

That's it. I'm stumpted.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
grant.maynard
Level 4
Level 4

‎08-22-2006 02:04 PM

VPN3030 shows packets received but none transmitted (Administration - Admisiter Sessions - LAN-to-LAN)?

No filters on VPN3030 (on L2L connection or interface)?

What are you trying to ping on 10.101.101.0/24?

How about sticking a PC there with Ethereal and using that to see if the packets are getting there and whether it's replying.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
grant.maynard
Level 4
Level 4

‎08-22-2006 02:04 PM

VPN3030 shows packets received but none transmitted (Administration - Admisiter Sessions - LAN-to-LAN)?

No filters on VPN3030 (on L2L connection or interface)?

What are you trying to ping on 10.101.101.0/24?

How about sticking a PC there with Ethereal and using that to see if the packets are getting there and whether it's replying.

0 Helpful

Go to solution
avmabe
Level 3
Level 3
In response to grant.maynard

‎08-22-2006 03:38 PM

No filters.

Here's what I did find... My packets were going from the pix through the tunnel into the 3030 and out the private interface as 192.168.1.4(remotepc).

Needless to say, the local lan didn't know what to do with 192.168.1.x packets on the 10.101.101.x network.

Not sure what everyone else does, but we really want to have a split tunnel where only (LAN and Cisco 7960 phone traffic) goes across the tunnel. Any ideas?

0 Helpful

Go to solution
grant.maynard
Level 4
Level 4
In response to avmabe

‎08-23-2006 12:14 AM

some people will tunnel everything from a remote site to a central, some will tunnel only certain subnets (as you have). It's up to you.

0 Helpful
Customers Also Viewed These Support Documents