Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Setup - PIX 515E w/6.3.5 - One internal network and two "external" networksI've got one Cisco Router to our MCI networks on one outside interface and a Cable modem on the other outside interface. I want to route all site to site VPN traffic over the ...
Anyone have this working...PIX (6.1.1) with static IP, and Sonicwall firewall (6.2.0) with a dynamic (dsl) ip address? I've sort of got it working by disabling Mode-config and XAuth on the 0.0.0.0 crypto-map. It makes it through Phase 2 and sets up t...
Interesting...I've added a route to 10.10.0.0 255.255.0.0 that points to my x.x.x.gw. Now that crypto ACL is being triggered and the ISAKMP engine is trying to establish that connection. However, the ISAKMP engine is STILL trying to use my cable mode...
I've also noticed my crypto ACLs are not being hit anymore. This is from the sh crypto map command...access-list CSM-crypto-acl-outside-12 line 1 permit ip 10.0.0.0 255.255.0.0 10.100.0.0 255.255.0.0 (hitcnt=0)
Here is my config. Some crypto entries removed to shorten config. It really seems like the crypto engine is ignoring the routes. Other traffic routes to the correct interfaces fine.
