
VPN Problem between Pixfirewall506E and Contivity (Nortel)

bphanthanh
Level 1

The tunnel is up but is not transferring routing, so we cannot ping between the 2 sites although we are using static routing. What can I do to solve this?


ajagadee
Cisco Employee

Hi,

If your tunnel is up and routing is looking good, we need to check the IPSec SAs to see whether there are any encrypts and decrypts, and also make sure that you are bypassing NAT (NAT 0) on the PIX for the IPSec traffic, if the PIX is configured for NAT.

Regards,

Arul

Hi Arul

I have checked the information you advised me to check, using the command: sh crypt is sa

and I'm sure that NAT 0 on the PIX is bypassing NAT for the IPSec traffic. When I ping the other site there are outbound packets but no inbound packets. I don't know why. Can you give me some advice? Thanks

Regards

I am having the same problem with our 515e talking to a Nortel Contivity 4500. I have the tunnel up but cannot reach the host on the other side. My question is related to your suggestion of NAT 0 being used on the IPSec traffic. The client we are working with has overlapping internal IP addresses with us, so I cannot bypass NAT. I'm wondering if the NAT translation is somehow causing the problem...? Any suggestions?

JH

The problem was resolved by matching the isakmp policy's lifetime between the pix and the nortel box.

JH

jfrahim
Level 5

Hi there,

Can you do "sh cry ip sa" on the PIX and see if it is encrypting/decrypting the traffic?

Jazib
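The counter check both replies ask for, as an added example that is not part of the original thread: a small Python parser that reads "show crypto ipsec sa" text and classifies each SA by its encaps/decaps counters. The sample output is constructed (documentation addresses, invented counters), and the function names are hypothetical.

```python
import re

# Constructed sample in the layout the PIX prints for "show crypto ipsec sa";
# addresses are documentation/private ranges and the counters are invented.
SAMPLE = """\
   local  ident (addr/mask/prot/port): (192.168.10.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (192.168.20.0/255.255.255.0/0/0)
   current_peer: 203.0.113.2:500
    #pkts encaps: 14, #pkts encrypt: 14, #pkts digest 14
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0
   local  ident (addr/mask/prot/port): (192.168.10.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (192.168.30.0/255.255.255.0/0/0)
   current_peer: 203.0.113.2:500
    #pkts encaps: 52, #pkts encrypt: 52, #pkts digest 52
    #pkts decaps: 49, #pkts decrypt: 49, #pkts verify 49
"""

IDENT = re.compile(r"(local|remote)\s+ident.*?:\s*\(([\d.]+)/([\d.]+)/")
COUNT = re.compile(r"#pkts (encaps|decaps):\s*(\d+)")

def parse_sas(text):
    """Return one dict per SA: local/remote proxy identity plus packet counters."""
    sas, cur = [], None
    for line in text.splitlines():
        m = IDENT.search(line)
        if m and m.group(1) == "local":  # a "local ident" line starts a new SA
            cur = {"encaps": 0, "decaps": 0}
            sas.append(cur)
        if m and cur is not None:
            cur[m.group(1)] = f"{m.group(2)}/{m.group(3)}"
        elif cur is not None:
            for name, val in COUNT.findall(line):
                cur[name] = int(val)
    return sas

def diagnose(sa):
    # encaps without decaps: we send into the tunnel and nothing comes back
    enc, dec = sa["encaps"] > 0, sa["decaps"] > 0
    return {(True, True): "two-way", (True, False): "outbound-only",
            (False, True): "inbound-only", (False, False): "no-traffic"}[(enc, dec)]

def report(text):
    return [(sa.get("local"), sa.get("remote"), diagnose(sa)) for sa in parse_sas(text)]

if __name__ == "__main__":
    for row in report(SAMPLE):
        print(*row)
```

An "outbound-only" result corresponds to the symptom described in the thread (packets outbound, none inbound) and points the investigation at the peer or the return path rather than at local encryption.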
