getting the following errors between lan2lan VPN: %PIX-2-106001

May 30th, 2007

Hi, I am getting the following errors when trying to ssh between 2 servers over the VPN tunnel. I see it is going out of my acl_inside access-list but I do not see it reaching the VPN access list. There is no natting between the 2 IPs.


# no natting for 10.13.36.0 subnet to 10.2.0.0 subnet

access-list nonat extended permit ip 10.13.36.0 255.255.254.0 10.2.0.0 255.255.192.0



# acl_in access list

access-list acl_in line 4 extended permit tcp host 10.13.37.245 host 10.2.12.202 (hitcnt=28)

access-list acl_in line 31 extended permit ip 10.13.36.0 255.255.254.0 10.2.0.0 255.255.192.0 (hitcnt=462)


# VPN access list

access-list XO_access_in line 5 extended permit tcp host 10.2.12.202 eq ssh host 10.13.37.245 (hitcnt=0)



%PIX-2-106001: Inbound TCP connection denied from 10.13.37.245/58736 to 10.2.12.202/22 flags SYN on interface inside




# show version


Cisco PIX Security Appliance Software Version 7.0(4)

Device Manager Version 5.0(4)


Compiled on Thu 13-Oct-05 21:43 by builders

System image file is "flash:/pix704.bin"


acomiskey Wed, 05/30/2007 - 15:12

Any chance of getting more complete configs?

Mrkaprino Thu, 05/31/2007 - 07:04

Here is the config minus the private information. I am just trying to ssh to 10.2.12.202 from 10.13.37.245 via the UK VPN tunnel. There should be no NATing, as well.


Thanks,

Kap


