Site to Site problems

bartollo1 · ‎03-11-2007

I have two pix firewalls a 515E and a 506E there is another router that I have no access to. I have tried using the VPN wizard to connect the two site and they will not connect. I have had a connection to the other router and connection to a vigor router.

Here is the config from both routers

acomiskey · ‎03-12-2007

You don't have nat exemption on sevenoaks pix.

nat (inside) 0 access-list no-nat

access-list no-nat permit ip 192.168.20.0 255.255.255.0 172.17.121.0 255.255.255.0

Kamal Malhotra · ‎03-12-2007

Hi,

However needless to say, but the commands go in the reverse order i.e. you configure teh access-list first and then the nat command.

HTH,

Please rate if it helps.

Regards,

Kamal

acomiskey · ‎03-12-2007

ya, thanks Kamal

acomiskey · ‎03-14-2007

Did this fix it?

bartollo1 · ‎03-15-2007

I have wiped the config and I am trying this on a different box here are the configurations.

I cannot add the line

nat (inside) 0 access-list no-nat

The tunnels do not even try to establish. Has anyone got a pix to pix work using the wizards.

Is there any documentation for 6.3(5) for site to site pix.

acomiskey · ‎03-15-2007

Just a quick look, it seems you are trying to add "no-nat" when your acl is "nonat".

Try it without the "-". Just looked more closely, you already have inside_nat0_outbound, you do not need to add another nat 0.

bartollo1 · ‎03-15-2007

This was created by the wizard.

I have tried many thing before accessing the site. has anyone got the configuration files that work on two pix's so I can replace them with my ip adress. It would be a hell of a lot easier to do this than just addeding a line at a time.

sorry for being a bit blunt.

acomiskey · ‎03-15-2007

The configs look fine, you will need to do some logging.