
Permitting GRE through a PIX

Unanswered Question
Jan 26th, 2004
I am trying to get a PIX 520 running 6.2 to pass GRE through the firewall to a router so I can establish a tunnel. The tunnel originates on a router which has a VPN connection to a Checkpoint firewall; from there it goes to a PIX 520 and a router on the other side. The debug on the PIX is complaining about no translations for GRE between my specified endpoints.

gmiiller Mon, 01/26/2004 - 20:46

If you're getting the no xlate message, it usually means that you have not created a static or NAT rule for the relevant traffic, so regardless of what your ACLs say, the PIX won't pass the traffic.

Depending on whatever else you have on your PIX, and assuming that you want the GRE endpoint addresses left non-translated, you'll either be expanding the ACL on your NAT 0 rule, or you'll be creating a static entry such as:


static (inside,outside) 10.1.1.1 10.1.1.1 netmask 255.255.255.255
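
The two options from the reply above, written out as a PIX 6.x configuration sketch together with the ACL entry that limits what the untranslated address is exposed to. This is an added example, not part of the original posts. Assumptions: 10.1.1.1 (taken from the reply) is the inside GRE endpoint, 192.0.2.10 is a placeholder for the remote endpoint, and the ACL names `nonat` and `outside_in` are hypothetical.

```text
: Option A - exempt the endpoint pair from NAT (NAT 0 with an ACL).
: If a "nat (inside) 0 access-list" rule already exists, add the
: permit line to that ACL instead of creating a new one.
access-list nonat permit ip host 10.1.1.1 host 192.0.2.10
nat (inside) 0 access-list nonat

: Option B - identity static, as in the reply (use A or B, not both).
static (inside,outside) 10.1.1.1 10.1.1.1 netmask 255.255.255.255

: Either option only provides the translation. Inbound GRE still has
: to be permitted explicitly, and only between the two tunnel endpoints.
: If an ACL is already bound to the outside interface, add the permit
: line to it; access-group would replace the existing binding.
access-list outside_in permit gre host 192.0.2.10 host 10.1.1.1
access-group outside_in in interface outside

: Flush stale translations after changing nat/static, then verify.
clear xlate
show xlate
show access-list outside_in
```

Keeping the GRE permit host-to-host matters with Option B in particular: the identity static makes 10.1.1.1 reachable from the outside interface for whatever the outside ACL allows.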
