ipsec vpn site-to-site setting up for the first time

Unanswered Question
Jul 5th, 2007

i'm setting up ipsec vpn (site-to-site) between a pix 525 and a 3660 for the first time. i'm setting this up in a lab

environment. i have set up static ips only for simplicity. from the pix 525, i can ping up to 3660's 172.17.63.230 but not the LAN IP of 10.2.2.1. what do i need to do ? any help is much appreciated. thank you.

topology:

pix 525 -- r1 -- r2 -- 3660

topology with the IPs:

<10.1.1.1> pix 525 <172.17.63.213> -- <172.17.63.209> r1 <12.1.1.1> -- <12.1.1.2> r2 <172.17.63.225> -- <172.17.63.230> 3660 <10.2.2.1>

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Thu, 07/05/2007 - 23:45

Hi

Could you post the config for r2.

Also on a more general note. Setting up IPSEC VPN's to get experience with them is a lot easier if you have hosts on either LAN rather than trying to ping between the 2 IPSEC peer gateways.

Jon

krishnakomiti Fri, 07/06/2007 - 02:11

Hi,

I think in Pix525 we have to add another command also. Please try this command "sysopt connection permit-ipsec" in config mode.

Cheers,

Krishna.

Actions

This Discussion