L2L ASA5540 to PIX515E

Unanswered Question
Nov 3rd, 2007

Hi All, I have a strange issue. I have built a LAN-to-LAN IPSEC tunnel between an ASA5540 and a PIX515E. On the ASA side there is only one subnet I need to protect, but on the PIX side there are three. The tunnel is up and passes traffic, but it won't pass traffic to all the subnets on the PIX side at the same time: it will ping one subnet but not one of the other ones, unless no traffic passes for a few minutes, at which point I can ping one of the other subnets. I have a NAT Exclude rule set up using the one subnet on one side and a Network Object Group on the other; I used this same format as the IPSEC rule. Any ideas?

ggilbert Tue, 11/06/2007 - 16:18

Can you send the output of the following:

sh run nat

sh run | in crypto

sh access-list --> entries for crypto match acl and also for the nat exemption.

What version of code are you running on the PIX 515E?



