Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
993
Views
5
Helpful
4
Replies

Pix 515 to Linksys BEFSX41 VPN

Go to solution
barger
Level 1
Level 1

‎12-20-2004 10:37 AM

Hi.

I've been searching the forums and the best info i could come up with on this topic was one person saying "Eureka, i've done it!" and then several hundred "Please send me your config" responses.

I have succeeded in establishing a tunnel between the pix and the Linksys router, and i can ping thru the tunnel.

But nothing other than ping seems to go thru the tunnel. The access-lists on the pix do not restrict on port, and (for testing) i have the linksys firewall wide open. So i am not sure where i've gone wrong.

I was hoping that this might be a common situation and someone could point me in the right direction to find the solution.

Thanks!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
aftermath
Level 1
Level 1

‎12-22-2004 09:16 PM

Also,

Check the order of your ACL's. A firewall and a router do not use ACL's in the same order. Not to discourage you, but I have yet to see a Linksys router do very well a PIX. For some reason the Linksys routers seem to drop packets for unexplained reasons...

View solution in original post

0 Helpful
4 Replies 4

Go to solution
ehirsel
Level 6
Level 6

‎12-22-2004 11:56 AM

On the linksys router, did you enable connections to originate on the external/provider facing interface? I believe that earlier versions of linksys software titled the option, enable wan connections.

What code level is running on the linksys and on the pix?

Assuming that the linksys allows external connections try this test to see if name resolution is working (ala dns and ms wins):

At a device behind the pix, issue a telnet hostname portid where portid is maybe 80 to test www, or you could use 139 to test ms network connections. See if the hostname resolves correctly, and that the connection gets established.

Go to solution
aftermath
Level 1
Level 1

‎12-22-2004 09:16 PM

Also,

Check the order of your ACL's. A firewall and a router do not use ACL's in the same order. Not to discourage you, but I have yet to see a Linksys router do very well a PIX. For some reason the Linksys routers seem to drop packets for unexplained reasons...

0 Helpful

Go to solution
barger
Level 1
Level 1
In response to aftermath

‎12-23-2004 05:43 AM

Thanks.

I got it working a few hours ago.

From testing various configurations i had left-over access-list entries that were host-specific as well as access-list lines for the entire subnet.

When i removed the access-list lines that were host-specific that seemed to do the trick.

It still seems odd to me that the ping got thru, but not other traffic.

I've gotten pretty good at this, but i still think my company should spring for Cisco training for me :)

I hope this is helpful to anyone else finding themselves in this situation.

Thanks again.

0 Helpful

Go to solution
aftermath
Level 1
Level 1
In response to barger

‎12-23-2004 05:52 AM

Jeff,

I know it seems strange that you can ping, yet cannot get traffic through, but it's really not.

As mentioned in my previous reply, ACL's can really trip you up, if they are not applied correctly.

Too, remember a PIX Firewall, and a Router both process ACL's in a different order, and if you are getting a ping, but no traffic, check your ACL's.

Congrats on getting it accomplished, ACL's are tricky and take a little time to get used to, but the more you practice, and the more comfortable you become with them, it will almost be second nature.

Have a good one.

0 Helpful
Customers Also Viewed These Support Documents