VPN lab help

whiteford
Level 1

Hello,

I have created a simple VPN lab between a Pix (outside) and a 2620 (fas 0) router using a crossover.

All is working and I can ping the loopback 0 interface on the router from my laptop connected to the inside interface of the Pix. For the "outside" IPs I've only used 172.16.1.1/30 and 172.16.1.2/30.

I have now changed one outside interface to a 10.10.10.1/30 and changed the config to reflect this but the VPN stays down. I thought ARP would locate this IP and bring the tunnel up? I just want two different IPs to connect like a real VPN, possible?


andrew.prince
Level 10

Can you ping the other device?

What is the debug of the arp telling you?

Nope I can't ping it, plus I ran a "sh arp" on the pix and do not see this new peer IP anywhere.

All I see is the outside IP of 213.212.82.5:

"arp-send:arp request built from 213.212.82.5 maciid for 213.212.82.1 macid."

I'm not using 213.212.82.1 anywhere.

Interesting, from the router can you see the PIX?

In the ARP tables of both devices, are the MAC addresses correct - even if the IP addresses are wrong?

Is the PIX still connected to the router via an xover cable?

Have you tried to clear the ARP cache on both devices?

What do you see on the router when you issue "debug ip arp" and ping the PIX or when you try and ping the router from the PIX?

It could be the cross-over cable, on the router after issuing a "sh arp" I get the error:

"IP ARP req filterd scr 213.212.82.5 macid, dst 213.212.82.1 0000.0000.0000 wrong cable. intface fastethernet 0/0"

Says wrong cable, but why everything wants to go to the first IP in the subnet I don't know - 213.212.82.1

Post your PIX and router config for review.