06-13-2005 12:43 PM - edited 02-21-2020 01:49 PM
I have a VPN Site to Site. It works fine.
But I cannot ping between subnets of the tunnel.
10.2.166.0/24--PIX--ROUTER--10.100.200.0/24
PIX CONFIGURATION
access-list NONAT permit ip any any
access-list 112 permit ip 10.0.0.0 255.0.0.0 10.100.200.0 255.255.255.0
access-list 112 permit icmp any any
nat (inside) 0 access-list NONAT
route outside 0.0.0.0 0.0.0.0 default_gateway 1
route outside 10.0.0.0 255.255.255.0 default_gateway 1 # ANOTHER TUNNEL.
route inside 10.0.0.0 255.0.0.0 10.2.166.201 1 #INTERNAL ROUTER
route outside 10.100.200.0 255.255.255.0 default_gateway 1
sysopt connection permit-ipsec
crypto ipsec transform-set ESPDESMD5 esp-des esp-md5-hmac
crypto ipsec security-association lifetime seconds 3600
crypto map VPNSITE 6 ipsec-isakmp
crypto map VPNSITE 6 match address 112
crypto map VPNSITE 6 set peer IP_REMOTE_ROUTER
crypto map VPNSITE 6 set transform-set ESPDESMD5
crypto map VPNSITE 10 ipsec-isakmp dynamic VPNDYN
crypto map VPNSITE interface outside
isakmp enable outside
isakmp key ***** address IP_REMOTE_ROUTER netmask 255.255.255.255
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 3600
ROUTER CONFIGURATION
crypto isakmp policy 11
hash md5
authentication pre-share
group 2
lifetime 3600
crypto isakmp key ***** address IP_REMOTE_PIX
!
!
crypto ipsec transform-set DES esp-des esp-md5-hmac
!
crypto map nolan 11 ipsec-isakmp
set peer IP_REMOTE_PIX
set transform-set DES
match address 120
ip nat inside source route-map SDM_RMAP_1 interface Ethernet0 overload
ip route 0.0.0.0 0.0.0.0 Ethernet0
access-list 100 remark SDM_ACL Category=2
access-list 100 deny ip 10.100.200.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 100 permit ip any any
access-list 120 remark SDM_ACL Category=20
access-list 120 permit ip 10.100.200.0 0.0.0.255 10.0.0.0 0.255.255.255
!
route-map SDM_RMAP_1 permit 1
match ip address 100
06-17-2005 07:30 AM
Here is a document for Configuring IPSec - Router to PIX.