Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
255
Views
0
Helpful
1
Replies

L2L ASA5540 to PIX515E

ecohencohen
Level 1
Level 1

‎11-03-2007 01:33 PM - edited ‎02-21-2020 01:45 AM

Hi All, I have a strange issue I have built a Lan to Lan IPSEC tunnel between an ASA5540 and a PIX515E on the ASA side there is only one subnet I need to protect but on the PIX side there are three. The tunnel is up and passes traffic but it won't pass traffic to all the subnets on the PIX side at the same time, it will ping one subnet but not one of the other ones, unless no traffic passes for a few minutes at which point I can ping one of the other subnets. I have NAT Exclude rule set up using the one subnet on one side and a Network Object Group on the other, I used this same format as the IPSEC rule. Any ideas?

0 Helpful
1 Reply 1

ggilbert
Cisco Employee
Cisco Employee

‎11-06-2007 04:18 PM

Can you send the output of the following:

sh run nat

sh run | in crypto

sh access-list --> entries for crypto match acl and also for the nat exemption.

What version of code are you running on the PIX 515E.

Cheers,

Gilbert

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card