IPSec between Pix 7.2(1) and router 1812 IOS 124-15.T5

mpetrac
Level 1

Hello all

I've configured a VPN tunnel with the help of this URL: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807ea936.shtml. The tunnel comes up, and from the router with the dynamically assigned IP I can access the other side, but only the Linux box. From the fixed-IP side (PIX) I cannot access any device on the other side except from the Linux box?? The M$ and *nix boxes use the same gateway? Any idea?

Thanks

Miha

2 Replies

Hi,

Please check the access-list for the interesting traffic for the VPN on the router.

Suppose you want to allow the subnet 10.1.1.0/24 behind the router and the subnet 172.16.20.0/24 at the PIX end; then the ACL should look like this on the router:

access-list 151 permit ip 10.1.1.0 0.0.0.255 172.16.20.0 0.0.0.255

Hi

On the DHCP side I have the ACL

access-list 100 permit ip 192.168.11.0 0.0.0.255 192.168.10.0 0.0.0.255

and on the PIX side I don't have that rule, because it is a dynamic VPN and cannot be initiated from the PIX side. I have nonat rules on both sides.

The VPN is up and it works partially.

The strange thing is that I can ping (from the DHCP side) the Linux box (on the PIX side, IP 192.168.10.16) over the VPN, but if I try to ping 192.168.10.20 (a Windows server without a firewall) there is no reply. And when the VPN is up I can ping the Windows PC on the DHCP site, but ONLY from the Linux box (192.168.10.16). If I try from a Windows box there is no reply.

Could it be an IOS issue?

Because I've tried to set up PPTP or L2TP for the users so they can access the devices on the DHCP side, but I got align errors (bug).
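The first reply suggests checking the crypto ACL for the interesting traffic, and the poster's ACL on the router only covers 192.168.11.0/24 to 192.168.10.0/24. The following is an added example, not code from this thread or from Cisco, that applies IOS wildcard-mask semantics to that ACL so you can see which flows the router would send through the tunnel; the source address 192.168.11.5 and the third destination are constructed test values.

```python
"""Classify flows against an IOS extended ACL used as a crypto (interesting-traffic) ACL."""
import ipaddress
from typing import Dict, Iterable, List, Tuple

# The ACL the original poster reports on the DHCP-side router (copied from the thread).
ROUTER_ACL = """
access-list 100 permit ip 192.168.11.0 0.0.0.255 192.168.10.0 0.0.0.255
"""

ACE = Tuple[str, str, str, str, str]  # (action, src, src_wildcard, dst, dst_wildcard)


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """IOS wildcard semantics: a 1 bit in the wildcard means 'don't care' (inverse of a netmask)."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    return (a & ~w) == (b & ~w)


def parse_acl(text: str) -> List[ACE]:
    """Parse 'access-list N permit|deny ip SRC SWILD DST DWILD' lines (IPv4, protocol ip only)."""
    entries: List[ACE] = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) != 8 or parts[0] != "access-list" or parts[3] != "ip":
            raise ValueError(f"unsupported ACE: {line!r}")
        entries.append((parts[2], parts[4], parts[5], parts[6], parts[7]))
    return entries


def acl_action(acl: List[ACE], src: str, dst: str) -> str:
    """First matching entry wins; an implicit deny ends every IOS ACL."""
    for action, s, sw, d, dw in acl:
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action
    return "deny"


def classify_flows(acl_text: str, flows: Iterable[Tuple[str, str]]) -> Dict[Tuple[str, str], str]:
    """Map each (src, dst) pair to 'permit' (encrypted) or 'deny' (sent in the clear / dropped by nonat)."""
    acl = parse_acl(acl_text)
    return {(s, d): acl_action(acl, s, d) for s, d in flows}


if __name__ == "__main__":
    flows = [
        ("192.168.11.5", "192.168.10.16"),  # Linux box on the PIX side: pings work
        ("192.168.11.5", "192.168.10.20"),  # Windows server on the PIX side: no reply
        ("192.168.11.5", "192.168.20.1"),   # constructed address outside the crypto ACL
    ]
    for (s, d), action in classify_flows(ROUTER_ACL, flows).items():
        print(f"{s} -> {d}: {action}")
```

Both PIX-side hosts fall under the same permit entry, so the crypto ACL does not distinguish the working Linux host from the failing Windows host; the difference has to lie elsewhere (host routing or gateway, or the PIX-side nonat rules).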
