Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
602
Views
0
Helpful
1
Replies

Permitting GRE through a PIX

ktessier
Level 1
Level 1

‎01-26-2004 07:28 PM

I am trying to get a PIX 520 running 6.2 to pass gre through the firewall to a router so I can establish a tunnel.The tunnel originates on a router which has a VPN connection to a checkpoint firewall, from there it goes to a pix 520 and a ROUTER ON THE OTHER SIDE. The debug on pix is complaining about no translations for gre between my specified endpoints.

Labels:
0 Helpful
1 Reply 1

gmiiller
Level 1
Level 1

‎01-26-2004 08:46 PM

If you're getting the no xlate message, it usually means that you have not created a static or NAT rule for the relevant traffic, so regardless of what your ACL's say, the Pix won't pass the traffic.

Depending on whatever else you have on your Pix, and assuming that you want the GRE endpoint addresses left non-translated, you'll either be expanding the ACL on your NAT 0 rule, or you'll be creating a static entry such as:

Static (inside, outside) 10.1.1.1 10.1.1.1 netmask 255.255.255.255

0 Helpful
Customers Also Viewed These Support Documents