Site to Site problems

Mar 11th, 2007

I have two PIX firewalls, a 515E and a 506E; there is another router that I have no access to. I have tried using the VPN wizard to connect the two sites and they will not connect. I have had a connection to the other router and a connection to a Vigor router.

Here is the config from both routers.

acomiskey Mon, 03/12/2007 - 07:19

You don't have nat exemption on sevenoaks pix.

nat (inside) 0 access-list no-nat

access-list no-nat permit ip

Kamal Malhotra Mon, 03/12/2007 - 07:44


Needless to say, however, the commands go in the reverse order, i.e. you configure the access-list first and then the nat command.


Please rate if it helps.



bartollo1 Thu, 03/15/2007 - 05:04

I have wiped the config and I am trying this on a different box. Here are the configurations.

I cannot add the line

nat (inside) 0 access-list no-nat

The tunnels do not even try to establish. Has anyone got a PIX to PIX to work using the wizards?

Is there any documentation for 6.3(5) for site to site PIX?

acomiskey Thu, 03/15/2007 - 06:29

Just a quick look, it seems you are trying to add "no-nat" when your acl is "nonat".

Try it without the "-". Just looked more closely, you already have inside_nat0_outbound, you do not need to add another nat 0.
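
The two problems raised in this thread (no NAT exemption for the tunnel traffic, and a `nat 0` statement naming an ACL that does not exist) can be checked mechanically. The Python sketch below is an added example, not code from any poster or from Cisco; the sample config, ACL names and addresses are constructed, and `lint` is a hypothetical helper.

```python
import re

# Constructed PIX 6.3-style sample; names and addresses are made up.
SAMPLE_CONFIG = """\
access-list nonat permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list vpn permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (inside) 0 access-list no-nat
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address vpn
crypto map outside_map 20 set peer 203.0.113.2
"""

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+(permit|deny)\s+(.+)$")
NAT0_RE = re.compile(r"^nat\s+\((\S+)\)\s+0\s+access-list\s+(\S+)")
MATCH_RE = re.compile(r"^crypto\s+map\s+(\S+)\s+\d+\s+match\s+address\s+(\S+)")


def lint(config):
    """Return findings about NAT exemption (nat 0) for crypto-map traffic."""
    acls, nat0, crypto = {}, [], []
    for raw in config.splitlines():
        line = raw.strip()
        if m := ACL_RE.match(line):
            permits = acls.setdefault(m.group(1), set())
            if m.group(2) == "permit":
                permits.add(" ".join(m.group(3).split()))
        elif m := NAT0_RE.match(line):
            nat0.append((m.group(1), m.group(2)))
        elif m := MATCH_RE.match(line):
            crypto.append((m.group(1), m.group(2)))

    findings = []
    for ifc, name in nat0:
        if name not in acls:
            findings.append(f"nat ({ifc}) 0 references undefined access-list {name!r}")
    # Traffic actually exempted: permit entries of nat 0 ACLs that exist.
    exempt = set().union(*(acls.get(name, set()) for _, name in nat0))
    for cmap, name in crypto:
        if name not in acls:
            findings.append(f"crypto map {cmap} matches undefined access-list {name!r}")
            continue
        # Exact-text comparison only; subnet containment is not evaluated.
        for entry in sorted(acls[name] - exempt):
            findings.append(f"crypto map {cmap}: '{entry}' has no nat 0 exemption")
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE_CONFIG):
        print(finding)
```

On the constructed sample it reports both the misspelled ACL name and the tunnel traffic left without exemption; correcting the name to `nonat` clears both findings.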

bartollo1 Thu, 03/15/2007 - 07:22

This was created by the wizard.

I have tried many things before accessing the site. Has anyone got the configuration files that work on two PIXes so I can replace them with my IP address? It would be a hell of a lot easier to do this than just adding a line at a time.

Sorry for being a bit blunt.

