I have a few Pix 501s that connect over site to site VPNs. We use Orion NPM and I cannot add them for monitoring. I have been able to add remote routers that connect via site to site VPNs. I am assuming the security rules/NAT of the Pix are prev...
We have configured toll bypass on our routers and use Orion to monitor our network links. We have the routers configured as MGCP gateways. I noticed in ORION that the majority of traffic that crosses these links is RTP. No other protocol includi...
I have a 2851 router that is currently being used to terminate all site to site VPNs. I want to start using it for our remote access VPNs which are currently on our 3005 Concentrator. I do not want to do split tunneling so I assume no ACLs for the...
I am configuring an 871 router and have 802.1x enabled. The clients can authenticate properly thru the VPN tunnel. We also will have a printer and IP Phone behind the remote 871 router. They cannot run 802.1x so I have a virtual template with "device...
I got it. Had to add a static route to the 7606. In addition to the ACL that you had me add, that did it. Thanks! How do I rate a post as a fix? You got it working and I want to give you the credit you earned.
Have not tried tearing the tunnel down. We also have a 7606 router that the SNMP server is behind. From that router, if I do a trace to the outside address of the Pix, it goes out the other link instead of the TW link. But SNMP debugs in the 280...
OK. Does it appear to be a routing issue then if traffic destined for 24.172.234.126 is not going out via the tunnel but going out a different link? Thanks again for your help.
Looks like traffic from HQ (172.16.0.0) is being NAT'd and going out another interface if the destination is the outside interface on the remote Pix (24.172.234.126). This would explain why it is not working as the NAT'd IP is not in the ACL. I w...