getting the following errors between lan2lan VPN: %PIX-2-106001

Mrkaprino
Level 1

Hi, I am getting the following errors when trying to SSH between 2 servers over the VPN tunnel. I see it is going out of my acl_inside access-list, but I do not see it reaching the VPN access list. There is no natting between the 2 IPs.

# no natting for 10.13.36.0 subnet to 10.2.0.0 subnet

access-list nonat extended permit ip 10.13.36.0 255.255.254.0 10.2.0.0 255.255.192.0

# acl_in access list

access-list acl_in line 4 extended permit tcp host 10.13.37.245 host 10.2.12.202 (hitcnt=28)

access-list acl_in line 31 extended permit ip 10.13.36.0 255.255.254.0 10.2.0.0 255.255.192.0 (hitcnt=462)

# VPN access list

access-list XO_access_in line 5 extended permit tcp host 10.2.12.202 eq ssh host 10.13.37.245 (hitcnt=0)

%PIX-2-106001: Inbound TCP connection denied from 10.13.37.245/58736 to 10.2.12.202/22 flags SYN on interface inside

# show version

Cisco PIX Security Appliance Software Version 7.0(4)

Device Manager Version 5.0(4)

Compiled on Thu 13-Oct-05 21:43 by builders

System image file is "flash:/pix704.bin"


acomiskey
Level 10

Any chance of getting more complete configs?

Here is the config minus the private information. I am just trying to ssh to 10.2.12.202 from 10.13.37.245 via the UK VPN tunnel. There should be no NATing, as well.

Thanks,

Kap
