pix unable to ping server IP address over the tunnel

shirwaziri1_2
Level 1

My client has a pix506e and the IP address of it is 192.168.5.1. The pix has established a tunnel connected to the remote site.

I see that the tunnel is up and running:

MCNEILPIX506# show crypto isa sa
Total     : 2
Embryonic : 0
        dst               src        state     pending     created
     24.x.x.202    151.147.254.25    QM_IDLE         0           0
     24.x.x.202       24.39.88.50    QM_IDLE         0           1
MCNEILPIX506#

My problem is that I cannot ping the remote PIX from this PIX. Nor can I ping any IP addresses that are in the 10.10.10.0 subnet.

From the show run, are there NATs that I should be creating, or an access list, to allow this PIX to connect to that 10.10.10.0 network?

Thanks

1 Reply

lapascua06
Level 1

Hi,

On the remote pix and local pix, enter this command:

pixfirewall(config)# management-access inside

*This command enables us to ping the inside interface of the remote PIX and source our ping on the inside interface of the local PIX:

http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/mr.html#wp1137951

On the local pix, do an extended ping:

(assuming the inside interface of the remote pix is 10.10.10.1)

pixfirewall# ping inside 10.10.10.1

If this doesn't work, double-check your VPN configuration. Make sure that the phase 2 policies as well as the crypto ACLs are mirrored on both sides.

Hope this helps...

Cheers,

lapascua
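
The mirrored crypto ACL check suggested in the reply above, as an added example that is not part of the original thread or either poster's configuration: it parses two PIX 6.3-style configs and reports crypto ACL entries that have no swapped source/destination counterpart on the peer. The ACL names, crypto map names and the 192.168.5.0/24 and 10.10.20.0/24 subnets are constructed assumptions, and only `permit ip <net> <mask> <net> <mask>` entries are handled (`host` and `any` forms are skipped).

```python
import re

# Constructed sample configs in PIX 6.3-style syntax; names and subnets are assumptions.
LOCAL_CFG = """\
access-list vpn_remote permit ip 192.168.5.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list vpn_remote permit ip 192.168.5.0 255.255.255.0 10.10.20.0 255.255.255.0
crypto map outside_map 10 match address vpn_remote
"""
REMOTE_CFG = """\
access-list vpn_local permit ip 10.10.10.0 255.255.255.0 192.168.5.0 255.255.255.0
crypto map outside_map 20 match address vpn_local
"""

ACL_RE = re.compile(
    r"^access-list\s+(\S+)\s+permit\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")
MAP_RE = re.compile(r"^crypto map\s+\S+\s+\d+\s+match address\s+(\S+)\s*$")

def crypto_entries(config):
    """Return {(src, src_mask, dst, dst_mask)} for ACLs bound to a crypto map."""
    lines = [line.strip() for line in config.splitlines()]
    # Only ACLs referenced by "match address" define interesting traffic.
    referenced = {m.group(1) for line in lines if (m := MAP_RE.match(line))}
    entries = set()
    for line in lines:
        m = ACL_RE.match(line)
        if m and m.group(1) in referenced:
            entries.add(m.groups()[1:])
    return entries

def mirror(entry):
    """Swap source and destination, as the peer's entry must read."""
    src, src_mask, dst, dst_mask = entry
    return (dst, dst_mask, src, src_mask)

def unmirrored(local_cfg, remote_cfg):
    """Return (local entries missing on remote, remote entries missing on local)."""
    local, remote = crypto_entries(local_cfg), crypto_entries(remote_cfg)
    missing_on_remote = sorted(e for e in local if mirror(e) not in remote)
    missing_on_local = sorted(e for e in remote if mirror(e) not in local)
    return missing_on_remote, missing_on_local

if __name__ == "__main__":
    on_remote, on_local = unmirrored(LOCAL_CFG, REMOTE_CFG)
    for e in on_remote:
        print("local entry has no mirror on remote:", " ".join(e))
    for e in on_local:
        print("remote entry has no mirror on local:", " ".join(e))
```
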