IPSec through PIX

e-see
Level 1

I have a 26xx router behind a PIX that sets up a VPN to an outside router. I can ping the remote IP address on the LAN at the remote site, but the remote site cannot ping the network off the inside router behind the PIX. I see the IPSec peers okay. When I do sh crypto ipsec sa on either router I only see packets at one side:

#pkts encaps: 10, #pkts encrypt: 10

#pkts decaps: 0, #pkts decrypt: 0

and on the other router:

#pkts encaps: 0, #pkts encrypt: 0

#pkts decaps: 10, #pkts decrypt: 10

They both only see one side. Suggestions?


paddyxdoyle
Level 6

I'm not too sure what's going on from your description, but the things to check are:

Are your crypto access-lists mirrored on your VPN routers?

Is your PIX allowing IPSEC from inside to outside and outside to inside (esp and isakmp)? This needs to be configured either in your access-lists or you can use the "sysopt connection permit-ipsec" command which enables IPSEC traffic to bypass access-list filtering.

HTH

Paddy
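
The first check in the reply above, whether the crypto access-lists on the two VPN routers mirror each other, can be scripted. This is an added example, not code from the thread: the ACL numbers, addresses and function names are constructed for illustration, and it handles only numbered extended `permit`/`deny ip` entries.

```python
import re

# Numbered extended ACL entry as used by a crypto map:
#   access-list <num> permit|deny ip <src> <wildcard> <dst> <wildcard>
ACE = re.compile(r"^access-list\s+(\d+)\s+(permit|deny)\s+ip\s+(.*)$")

def _take(tokens):
    """Consume one address spec and return it as (address, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return ("0.0.0.0", "255.255.255.255")
    if first == "host":
        return (tokens.pop(0), "0.0.0.0")
    return (first, tokens.pop(0))

def parse_crypto_acl(config, acl_id):
    """Return the set of (action, src, dst) entries for one numbered ACL."""
    entries = set()
    for line in config.splitlines():
        m = ACE.match(line.strip())
        if not m or m.group(1) != str(acl_id):
            continue
        tokens = m.group(3).split()
        src = _take(tokens)
        dst = _take(tokens)
        entries.add((m.group(2), src, dst))
    return entries

def mirror_mismatches(local, remote):
    """Compare two crypto ACLs; both result sets use the local src/dst order."""
    swapped = {(action, dst, src) for (action, src, dst) in remote}
    return {"missing_on_remote": local - swapped,
            "missing_on_local": swapped - local}

# Constructed sample configs: router A protects two LANs, router B mirrors one.
ROUTER_A = """
access-list 110 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 110 permit ip 192.168.11.0 0.0.0.255 192.168.20.0 0.0.0.255
"""
ROUTER_B = """
access-list 120 permit ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
"""

if __name__ == "__main__":
    result = mirror_mismatches(parse_crypto_acl(ROUTER_A, 110),
                               parse_crypto_acl(ROUTER_B, 120))
    for side, entries in result.items():
        for action, src, dst in sorted(entries):
            print(side, action, *src, "->", *dst)
```
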