Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
778
Views
0
Helpful
1
Replies

help with site to site vpn between 515 and 506 pix

nssaustin
Level 1
Level 1

‎12-13-2010 11:14 AM

deleted fixed

Labels:
0 Helpful
1 Reply 1

Federico Coto Fajardo
VIP Alumni
VIP Alumni

‎12-13-2010 11:31 AM

Hi,

I don't see a nat0 ACL on the PIX running 8.x

Can you check the following:

PIX 8.x

access-list nonat permit ip 172.16.1.0 255.255.255.0 10.1.11.0 255.255.255.0

nat (inside) 0 access-list nonat

PIX 7.x

access-list nonat permit ip 10.1.11.0 255.255.255.0 172.16.1.0 255.255.255.0

nat (inside) 0 access-list nonat

The ACL applied to the crypto map should define the same traffic as the above ACL.

Also.. add the command ''management-access inside'' and try to PING between inside addresses.

ie.

From PIX 8.x

ping inside 10.1.11.1

Check the establishmet of phase 1:

sh cry isa sa

Check the establishment of phase 2:

sh cry ips sa

Federico.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents