01-22-2010 07:21 AM
hey there!
I have two PIX501e and am trying to set up a LAN2LAN. I have all the settings in place, but for some reason it's not negotiating the connection. Is there an enable command to negotiate? I have crypto enabled on both outside interfaces.
01-22-2010 10:37 PM
You need to initiate traffic from one end to the other in order for the tunnel to build. The traffic you need to generate is defined within the encryption domain. So, if you're tunneling traffic using RFC1918 IPs (i.e. 192.168.x.x), be sure to ping that IP and not the public (or vice-versa).
The encryption domain defines 'interesting traffic', or traffic that the firewall determines should be passed over the tunnel and not through the Internet (or any other interface).
James
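Added example, not part of the original replies: a small Python model of the "interesting traffic" decision described above, showing which pings fall inside the encryption domain and so would bring the tunnel up. All addresses are constructed (documentation ranges stand in for the outside IPs), and the names `SITE_A`, `SITE_B`, `is_interesting`, `path_for` and `is_mirrored` are hypothetical.

```python
import ipaddress

# Constructed sample addressing (not from the thread).
SITE_A = {
    "outside_ip": "203.0.113.1",
    # Encryption domain: (local network, remote network) pairs.
    "encryption_domain": [("192.168.1.0/24", "192.168.2.0/24")],
}
SITE_B = {
    "outside_ip": "198.51.100.1",
    "encryption_domain": [("192.168.2.0/24", "192.168.1.0/24")],
}


def _pairs(domain):
    """Parse a domain into a set of (local, remote) ip_network pairs."""
    return {(ipaddress.ip_network(l), ipaddress.ip_network(r)) for l, r in domain}


def is_interesting(site, src, dst):
    """True when src -> dst matches both halves of an encryption-domain pair."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in local and d in remote
               for local, remote in _pairs(site["encryption_domain"]))


def path_for(site, src, dst):
    """Where the firewall sends the packet: over the tunnel or out in the clear."""
    return "tunnel" if is_interesting(site, src, dst) else "internet"


def is_mirrored(a, b):
    """Assumption (general IPsec practice, not stated in the thread): each peer's
    domain is the other's with local and remote swapped, so replies also match."""
    swapped_b = {(r, l) for l, r in _pairs(b["encryption_domain"])}
    return _pairs(a["encryption_domain"]) == swapped_b


if __name__ == "__main__":
    probes = [
        ("inside host -> remote inside host", "192.168.1.10", "192.168.2.10"),
        ("inside host -> peer public IP", "192.168.1.10", SITE_B["outside_ip"]),
        ("own public IP -> remote inside host", SITE_A["outside_ip"], "192.168.2.10"),
    ]
    for label, src, dst in probes:
        print(f"{label:38} {path_for(SITE_A, src, dst)}")
    print("domains mirrored:", is_mirrored(SITE_A, SITE_B))
```

Only the first probe matches on both source and destination, which is why a ping to the peer's public address never triggers negotiation.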
01-23-2010 11:22 AM
You are right!
Funny thing, I was pinging the other device and still nothing; however, when I started AT the other device and pinged me, the tunnel came right up. I guess I was pinging from the wrong side.
thank you again!