VPN lab help

Unanswered Question
May 11th, 2009


I have created a simple VPN lab between a Pix (outside) and a 2620 (fas 0) router using a crossover.

All is working and I can ping the loopback 0 interface on the router from my laptop connected to the inside interface of the Pix. For the "outside" IP's I've only used and

I have now changed one outside interface to a and changed the config to reflect this but the VPN stays down. I thought arp would locate this IP and bring the tunnel up? I just want to different IP's to connect like a real VPN, possible?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
whiteford Tue, 05/12/2009 - 01:05

Nope I can't ping it, plus I ran a "sh arp" on the pix and do not see this new peer IP anywhere.

All I see is the outside IP of

"arp-send:arp request built from maciid for macid.

I'm not using anywhere.

Interesting, from the router can you see the PIX?

in the arp tables of both devices are the MAC addresses correct - even if the IP addresses are wrong?

Is the PIX still conneced to the router via an xover cable?

Have you tried to clear the ARP cache on both devices?

What do you see on the router when you issue "debug ip arp" and ping the PIX or when you try and ping the router from the PIX?

whiteford Tue, 05/12/2009 - 02:01

It could be the cross-over cable, on the router after issuing a "sh arp" I get the error:

"IP ARP req filterd scr macid, dst 0000.0000.0000 wrong cable. intface fastethernet 0/0"

says wrong cable, but why everything wants to go to the first IP in the subnet I dont know -


This Discussion