
VPN issues with Cisco Pix 515's

hcaeb2000
Level 1

Hello All,

Here is my issue, I have 2 PIX 515 firewalls...

I am trying to set up a site to site VPN between 2 of our sites...

Both of these firewalls currently are running one other site to site VPN so I know that is working...

I can't get the second site to site to initiate the VPN...when looking over the syslogs I am getting denied packets....

The protected networks are:

172.16.48.0/24 and 172.16.4.0/22

If I try to ping from the Cisco (172.16.48.4) to 172.16.4.5 I get the following syslog:

2 Sep 02 2008 08:59:47 106001 172.16.48.4 172.16.4.5 Inbound TCP connection denied from 172.16.48.4/1231 to 172.16.4.5/135 flags SYN on interface inside

It seems that the tunnel is trying to initiate itself but something is blocking the internal traffic from getting across the VPN.

Not sure what that could be, the other VPNs are working fine.

Any help would be great...

I am attaching a copy of one of the configs...

Let me know if you need the other...

Accepted Solutions

acomiskey
Level 10

no route inside 172.16.4.0 255.255.252.0 172.16.48.1 1

Removing that route should get you going. Please rate if it does. Similarly, if you have a similar route on the other end, it should be removed as well.
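
As an added illustration (not part of the original post, and not taken from the poster's attached config): a Python check that flags static routes sending a crypto ACL's destination network out an interface other than the one carrying the crypto map, which is the condition the accepted answer removes. The sample config, the names `vpn_site2` and `vpnmap`, the gateway 192.0.2.1, and the crypto map being applied on `outside` are assumptions constructed for the example.

```python
import ipaddress
import re

# Constructed sample (not the poster's attached config): PIX-style lines with a
# crypto map on "outside" and an inside route that shadows the remote network.
SAMPLE_CONFIG = """\
access-list vpn_site2 permit ip 172.16.48.0 255.255.255.0 172.16.4.0 255.255.252.0
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1
route inside 172.16.4.0 255.255.252.0 172.16.48.1 1
crypto map vpnmap 20 match address vpn_site2
crypto map vpnmap interface outside
"""

# Only "permit ip <net> <mask> <net> <mask>" entries are parsed; entries using
# the "host" or "any" keywords are skipped by this simplified check.
ACL_RE = re.compile(r"^access-list (\S+) (?:extended )?permit ip (\S+) (\S+) (\S+) (\S+)$")
ROUTE_RE = re.compile(r"^route (\S+) (\S+) (\S+) (\S+)(?: \d+)?$")
MATCH_RE = re.compile(r"^crypto map (\S+) \d+ match address (\S+)$")
IFACE_RE = re.compile(r"^crypto map (\S+) interface (\S+)$")


def find_shadowing_routes(config):
    """Return 'no route ...' lines for static routes that pull VPN-bound
    traffic away from the interface where its crypto map is applied."""
    acl_dests, routes, map_acls, map_iface = {}, [], {}, {}
    for line in (l.strip() for l in config.splitlines()):
        if m := ACL_RE.match(line):
            dest = ipaddress.ip_network(f"{m[4]}/{m[5]}")
            acl_dests.setdefault(m[1], []).append(dest)
        elif m := ROUTE_RE.match(line):
            routes.append((m[1], ipaddress.ip_network(f"{m[2]}/{m[3]}"), line))
        elif m := MATCH_RE.match(line):
            map_acls.setdefault(m[1], []).append(m[2])
        elif m := IFACE_RE.match(line):
            map_iface[m[1]] = m[2]
    findings = []
    for cmap, iface in map_iface.items():
        dests = [d for acl in map_acls.get(cmap, []) for d in acl_dests.get(acl, [])]
        for r_iface, net, line in routes:
            # A default route overlaps everything; only specific routes count.
            if r_iface != iface and net.prefixlen > 0 and any(net.overlaps(d) for d in dests):
                findings.append("no " + line)
    return findings


if __name__ == "__main__":
    for fix in find_shadowing_routes(SAMPLE_CONFIG):
        print(fix)
```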

Yep, all set... I was actually coming here to say I had figured it out, but thanks for the reply!
