02-19-2003 12:11 AM - edited 02-21-2020 12:21 PM
The tunnel is up but is not transferring routing, so we cannot ping between the 2 sites, although we are using static routing. What can I do to solve this?
02-20-2003 11:07 AM
Hi,
If your tunnel is up and routing is looking good, we need to check the IPSec SAs to see whether there are any encrypts and decrypts, and also make sure that you are bypassing NAT (NAT 0) on the PIX for the IPSec traffic, if the PIX is configured for NAT.
Regards,
Arul
02-24-2003 02:31 AM
Hi Arul
I have checked the information you advised me to check, using the command: sh crypt is sa
and I'm sure that NAT 0 on the PIX is bypassing NAT for the IPSec traffic. When I ping the other site, there are outbound packets but no inbound packets. I don't know why. Can you give me some advice? Thanks
Regards
03-05-2003 10:17 AM
I am having the same problem with our 515e talking to a Nortel Contivity 4500. I have the tunnel up but cannot reach the host on the other side. My question is related to your suggestion of NAT 0 being used on the IPSec traffic. The client we are working with has overlapping internal IP addresses with us, so I cannot bypass NAT. I'm wondering if the NAT translation is somehow causing the problem...? Any suggestions?
JH
03-07-2003 08:04 AM
The problem was resolved by matching the isakmp policy's lifetime between the PIX and the Nortel box.
JH
02-20-2003 03:21 PM
Hi there,
Can you do "sh cry ip sa" on the PIX and see if it is encrypting/decrypting the traffic?
Jazib
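
The encrypt/decrypt counter check suggested in the replies above, as an added example that is not part of the original thread: it reads the per-SA packet counters and reports which direction is carrying traffic. The sample output is constructed and assumes the PIX-style `#pkts encaps` / `#pkts decaps` counter lines; the function names and hint wording are hypothetical.

```python
import re

# Constructed sample in the style of PIX "show crypto ipsec sa" output (assumed format).
SAMPLE = """\
   local  ident (addr/mask/prot/port): (10.1.1.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (10.2.2.0/255.255.255.0/0/0)
    #pkts encaps: 42, #pkts encrypt: 42, #pkts digest 42
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0
   local  ident (addr/mask/prot/port): (10.1.1.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (10.3.3.0/255.255.255.0/0/0)
    #pkts encaps: 17, #pkts encrypt: 17, #pkts digest 17
    #pkts decaps: 15, #pkts decrypt: 15, #pkts verify 15
"""

IDENT = re.compile(r"(local|remote)\s+ident.*:\s*\((\S+?)/(\S+?)/\d+/\d+\)")
COUNT = re.compile(r"#pkts (encaps|decaps):\s*(\d+)")
HINTS = {  # what to look at for each counter pattern (hypothetical wording)
    "bidirectional": "tunnel passes traffic both ways",
    "outbound-only": "we encrypt but nothing returns: check the peer's routing and NAT exemption",
    "inbound-only": "peer sends but we do not reply in the tunnel: check local NAT 0 and routes",
    "no-traffic": "no packets hit this SA: check routing and NAT 0 on this side",
}

def parse_sas(text):
    """Return one dict per local/remote ident pair with its encaps/decaps counters."""
    sas, cur = [], None
    for line in text.splitlines():
        m = IDENT.search(line)
        if m:
            if m.group(1) == "local":      # a "local ident" line starts a new SA block
                cur = {"encaps": 0, "decaps": 0}
                sas.append(cur)
            if cur is not None:
                cur[m.group(1)] = f"{m.group(2)}/{m.group(3)}"
        elif cur is not None:
            for name, value in COUNT.findall(line):
                cur[name] = int(value)
    return sas

def diagnose(sa):
    """Classify an SA by which direction is actually carrying packets."""
    enc, dec = sa["encaps"] > 0, sa["decaps"] > 0
    return {(True, True): "bidirectional", (True, False): "outbound-only",
            (False, True): "inbound-only", (False, False): "no-traffic"}[(enc, dec)]

if __name__ == "__main__":
    for sa in parse_sas(SAMPLE):
        state = diagnose(sa)
        print(f'{sa["local"]} -> {sa["remote"]}: {state} ({HINTS[state]})')
```
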