03-18-2006 09:14 PM - edited 02-21-2020 02:19 PM
Hi all,
I have the following setup...
Office Pix 501 <=site-to-site=> Corporate PIX 515e.
On the Corporate side we have a frame connection on a 2600 => Parent. Clients on the corp & Office side can see each other fine. Corporate can see the Parent no issues. From the Office PIX we can ping the parent router no issue. From the Office we cannot see the parent. Not sure if this makes sense...
Client x->501<->515e<->2600<->Parent
Ping to Parent from 501 works after route par.ent.xxx.xxx 255.255.0.0 cor.por.ate.xxx (2600 address) was added to config. Any help appreciated.
03-19-2006 02:29 PM
the parent subnet(s) needs to be included in the no-nat and crypto acl on both 501 and 515e.
e.g. on 501
access-list no_nat permit ip <501 private subnet> <501 private subnet mask> <515e private subnet> <515e private subnet mask>
access-list no_nat permit ip <501 private subnet> <501 private subnet mask> <parent subnet> <parent subnet mask>
access-list l2lvpn permit ip <501 private subnet> <501 private subnet mask> <515e private subnet> <515e private subnet mask>
access-list l2lvpn permit ip <501 private subnet> <501 private subnet mask> <parent subnet> <parent subnet mask>
the "mirror" acls need to be configured on the 515e. further, verify there is a route on the parent router for 501 private subnet pointing to 515e as the next hop.
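An added example, not part of the original reply: a small Python check that the crypto ACL on one PIX has a mirrored entry on the peer and that every crypto entry is also covered by the no-nat ACL. The ACL names follow the reply above; the addresses and both config snippets are constructed sample data, and the parser assumes only the `permit ip <net> <mask> <net> <mask>` form shown in the thread.

```python
import ipaddress
import re

# Matches: access-list NAME permit ip SRC SMASK DST DMASK
ACL_RE = re.compile(
    r"^access-list\s+(\S+)\s+permit\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")

def parse_acl(config, name):
    """Return the set of (source, destination) networks in ACL `name`."""
    pairs = set()
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if m and m.group(1) == name:
            src = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}")
            dst = ipaddress.ip_network(f"{m.group(4)}/{m.group(5)}")
            pairs.add((src, dst))
    return pairs

def missing_mirrors(local, remote):
    """Entries in `local` whose swapped (dst, src) form is absent on the peer."""
    return sorted((s, d) for (s, d) in local if (d, s) not in remote)

def not_exempt(crypto, no_nat):
    """Crypto ACL entries that no no-nat entry covers (they would be NATed)."""
    return sorted(
        (s, d) for (s, d) in crypto
        if not any(s.subnet_of(ns) and d.subnet_of(nd) for ns, nd in no_nat))

# Constructed sample: office 192.168.1.0/24, corporate 10.1.0.0/16,
# parent 172.16.0.0/16. The 515e side lacks the parent entries.
OFFICE_501 = """
access-list no_nat permit ip 192.168.1.0 255.255.255.0 10.1.0.0 255.255.0.0
access-list no_nat permit ip 192.168.1.0 255.255.255.0 172.16.0.0 255.255.0.0
access-list l2lvpn permit ip 192.168.1.0 255.255.255.0 10.1.0.0 255.255.0.0
access-list l2lvpn permit ip 192.168.1.0 255.255.255.0 172.16.0.0 255.255.0.0
"""
CORP_515E = """
access-list no_nat permit ip 10.1.0.0 255.255.0.0 192.168.1.0 255.255.255.0
access-list l2lvpn permit ip 10.1.0.0 255.255.0.0 192.168.1.0 255.255.255.0
"""

if __name__ == "__main__":
    office = parse_acl(OFFICE_501, "l2lvpn")
    corp = parse_acl(CORP_515E, "l2lvpn")
    for src, dst in missing_mirrors(office, corp):
        print(f"515e l2lvpn lacks mirror: permit ip {dst} -> {src}")
    for src, dst in not_exempt(office, parse_acl(OFFICE_501, "no_nat")):
        print(f"501 no_nat does not cover: {src} -> {dst}")
```
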
03-22-2006 03:47 AM
Would you send me crypto, isakmp, and ACL configurations on both PIXs?