I have set up a VPN link over the internet to our 2nd location. At one end is a pair of PIX515Es in an active/failover config and at the far end is a pair of 6503s with the Sup720 module being where the VPN is terminated. Also in there is a FWSM which sits on the same shared VLAN as where I want to terminate the VPN.
Here's how it goes...
1. The PIXes have one peer configured, the HSRP address of the shared VLAN20 that the FWSM outside interface sits on. This is a globally routable IP address.
2. The 6503s have a shared VLAN20 running HSRP that tracks the main internet interface and switches over if that goes down. The peer is set as the outside interface of the PIX and all seems OK.
3. The tunnel comes up and shows QM_IDLE at the 6500 end and MM_ACTIVE at the PIX end.
However, no traffic passes over the tunnel and I can't ping or do anything else. I know the config is good because when I set the tunnel to one of the supervisor interfaces (i.e. g1/1 connection to the internet) everything works fine. All I'm changing is where it terminates so that I can have the redundancy of HSRP.
Does anyone have any idea what I'm missing?
Thanks in advance,