pppoe vpn -no route

Unanswered Question
Apr 4th, 2007

PIX 501E, VPN channel to another PIX is up.

# sh crypto isakmp sa

Total : 1

Embryonic : 0

dst src state pending created

a.b.c.d x.x.x.x QM_IDLE 0 1

When internal clients ping a PC on the other side of the VPN tunnel, I see in the log:

110001: No route to 10.20.0.2 from 10.20.51.36

Here is the config:

# sh run

: Saved

:

PIX Version 6.3(5)

interface ethernet0 auto

interface ethernet1 100full

nameif ethernet0 outside security0

nameif ethernet1 inside security100

fixup protocol dns maximum-length 512

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol tftp 69

names

access-list vpn_outside permit ip 10.20.51.32 255.255.255.224 10.20.0.0 255.255.252.0

access-list vpn_outside permit ip 10.20.51.32 255.255.255.224 10.20.5.0 255.255.255.0

access-list vpn_outside permit ip 10.20.51.32 255.255.255.224 10.10.0.0 255.255.252.0

access-list vpn_outside permit ip 10.20.51.32 255.255.255.224 10.20.7.0 255.255.255.0

access-list outside_cryptomap_10 permit ip 10.20.51.32 255.255.255.224 10.20.0.0 255.255.252.0

access-list outside_cryptomap_10 permit ip 10.20.51.32 255.255.255.224 10.20.5.0 255.255.255.0

access-list outside_cryptomap_10 permit ip 10.20.51.32 255.255.255.224 10.10.0.0 255.255.252.0

access-list outside_cryptomap_10 permit ip 10.20.51.32 255.255.255.224 10.20.7.0 255.255.255.0

access-list inside_out permit ip 10.20.51.32 255.255.255.224 10.20.0.0 255.255.252.0

access-list inside_out permit ip 10.20.51.32 255.255.255.224 10.20.5.0 255.255.255.0

access-list inside_out permit ip 10.20.51.32 255.255.255.224 10.10.0.0 255.255.252.0

access-list inside_out permit ip 10.20.51.32 255.255.255.224 10.20.7.0 255.255.255.0

access-list inside_out deny ip any any

pager lines 24

mtu outside 1500

mtu inside 1500

ip address outside pppoe

ip address inside 10.20.51.34 255.255.255.224

ip audit info action alarm

ip audit attack action alarm

pdm logging informational 100

pdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 0 access-list vpn_outside

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

access-group inside_out in interface inside

floodguard enable

sysopt connection permit-ipsec

crypto ipsec transform-set MO_BRANCH_AES esp-aes esp-sha-hmac

crypto map MO 10 ipsec-isakmp

crypto map MO 10 match address outside_cryptomap_10

crypto map MO 10 set peer x.x.x.x

crypto map MO 10 set transform-set MO_BRANCH_AES

crypto map MO interface outside

isakmp enable outside

isakmp key ******** address x.x.x.x netmask 255.255.255.255 no-xauth no-config-mode

isakmp key ******** address x.x.x.x netmask 255.255.255.255 no-xauth no-config-mode

isakmp identity address

isakmp policy 20 authentication pre-share

isakmp policy 20 encryption aes

isakmp policy 20 hash sha

isakmp policy 20 group 2

isakmp policy 20 lifetime 86400

management-access inside

console timeout 0

vpdn group PPPOE request dialout pppoe

vpdn group PPPOE localname [[[[[[

vpdn group PPPOE ppp authentication pap

vpdn username [[[[[[ password *********

carenas123 Tue, 04/10/2007 - 06:26

Is there a static-to-dynamic VPN tunnel between the two hosts? If that is the case, then the tunnel will always be initiated from the remote host.

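A check of the flow from the 110001 log message against the posted running config, added here as an example and not part of the original thread: it evaluates the three ACLs the config binds (`inside_out`, `vpn_outside`, `outside_cryptomap_10`) and then looks for any statement that would give the PIX a route to the destination. The function names are hypothetical, the `route` and `setroute` forms it looks for are PIX commands that do not appear in the posted config, and it reads only the config text, so a route visible only in `show route` would not be seen.

```python
import ipaddress

# Constructed excerpt: lines copied from the running config posted above.
CONFIG = """\
access-list vpn_outside permit ip 10.20.51.32 255.255.255.224 10.20.0.0 255.255.252.0
access-list outside_cryptomap_10 permit ip 10.20.51.32 255.255.255.224 10.20.0.0 255.255.252.0
access-list inside_out permit ip 10.20.51.32 255.255.255.224 10.20.0.0 255.255.252.0
access-list inside_out deny ip any any
ip address outside pppoe
ip address inside 10.20.51.34 255.255.255.224
"""

def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def acl_action(config, name, src, dst):
    """First-match action of ACL `name` (net/mask and `any any` entries only), else None."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for t in map(str.split, config.splitlines()):
        if t[:2] != ["access-list", name] or t[3:4] != ["ip"]:
            continue
        if t[4:] == ["any", "any"]:
            return t[2]
        if len(t) == 8 and src in net(t[4], t[5]) and dst in net(t[6], t[7]):
            return t[2]
    return None

def route_for(config, dst):
    """Config line that gives the PIX a route to dst, or None."""
    dst = ipaddress.ip_address(dst)
    for line in config.splitlines():
        t = line.split()
        if t[:1] == ["route"] and len(t) >= 5 and dst in net(t[2], t[3]):
            return line  # static route
        if t[:2] == ["ip", "address"] and "setroute" in t:
            return line  # PPPoE/DHCP client installs a default route
        if t[:2] == ["ip", "address"] and len(t) == 5 and dst in net(t[3], t[4]):
            return line  # directly connected network
    return None

def check(config, src, dst):
    return {
        "inside_acl": acl_action(config, "inside_out", src, dst),
        "nat_exempt": acl_action(config, "vpn_outside", src, dst),
        "crypto_acl": acl_action(config, "outside_cryptomap_10", src, dst),
        "route": route_for(config, dst),
    }

if __name__ == "__main__":
    print(check(CONFIG, "10.20.51.36", "10.20.0.2"))  # flow from log message 110001
```

For the logged flow all three ACLs return `permit` while `route` is `None`, which is the condition the 110001 message reports.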