IPSec between Pix 7.2(1) and router 1812 IOS 124-15.T5

Aug 20th, 2008

Hello all

I've configured a VPN tunnel with the help of this URL: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807ea936.shtml. The tunnel comes up, and from the router with the dynamically assigned IP I can access only the Linux box on the other side. From the fixed IP side (PIX) I cannot access devices on the other side except from Linux?? M$ and *nix boxes use the same gateway? Any idea?



dhananjoy chowdhury Wed, 08/20/2008 - 07:25


Please check the access-list for the interesting traffic for the VPN on the router.

Suppose you want to allow the subnet behind the router and the subnet at the PIX end; then the ACL should be like this on the router:

access-list 151 permit ip

mpetrac Wed, 08/20/2008 - 11:33


On DHCP side I have ACL

access-list 100 permit ip

and on the PIX side I don't have that rule because it is a dynamic VPN and cannot be initiated from the PIX side. I have nonat rules on both sides.

The VPN is up and it works partially.

The strange thing is that I can ping (from DHCP side) the Linux box (on pix side with ip over VPN, but if I try to ping ip (Win server without firewall) there is no reply. And when VPN is up I can ping Windows PC on DHCP site but ONLY from Linux ( box. If I try from win box there is no reply.

Could it be an IOS issue?

Because I've tried to set up PPTP or L2TP for the user so they can access the devices on DHCP side but I got align errors (bug).

