Hi, I have created a VPN tunnel between site A and site B, but I am unable to ping the inside interfaces for both sites. Could you please suggest what to do? When I look at the PDM page on both sites' PIX 501, it's showing:

=========================================
VPN STATUS
Ike Tunnels 1
Ipsec Tunnels 1
=========================================

Here is the current config.

SITE A
=================================
PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password R7czuFL encrypted
passwd 8qD.2bX7 encrypted
hostname aiet
domain-name air
clock timezone EST 10
clock summer-time EDT recurring last Sun Oct 2:00 last Sun Mar 3:00
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
object-group service tri tcp-udp
  port-object range 5060 5063
  port-object range 10000 20000
  port-object range 16384 20384
  port-object eq 69
object-group service UDPList udp
  port-object eq 5060
  port-object eq 8000
  port-object range 16384 20384
access-list inbound permit tcp any any eq 3389
access-list inbound permit tcp any any eq ssh
access-list inbound permit tcp any any eq 5060
access-list inbound permit udp any interface outside object-group tri
access-list 101 permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list 102 permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list Inbound permit udp any interface outside object-group tri
access-list outbound permit tcp host 192.168.0.200 host 11.1177.190 eq 4569
access-list outbound permit udp host 192.168.0.200 host 11.1177.190 eq 4569
access-list outbound permit tcp host 192.168.0.200 host 11.1177.190 eq 5060
access-list outbound permit udp host 192.168.0.200 host 11.1177.190 eq 5060
pager lines 24
mtu outside 1492
mtu inside 1500
ip address outside pppoe setroute
ip address inside 192.168.0.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 192.168.0.0 255.255.255.0 outside
pdm location 192.168.0.0 255.255.255.0 inside
pdm location 192.168.0.0 255.255.255.255 outside
pdm location 192.168.0.1 255.255.255.255 outside
pdm location 192.168.0.1 255.255.255.255 inside
pdm location 192.168.0.0 255.255.255.255 inside
pdm location 11.11.72.0 255.255.255.0 inside
pdm location 192.168.0.150 255.255.255.255 inside
pdm location 11.1172.0 255.255.255.0 outside
pdm location 11.1177.190 255.255.255.255 outside
pdm location 11.1172.20 255.255.255.255 inside
pdm location 192.168.0.9 255.255.255.255 inside
pdm location 11.11.77.0 255.255.255.255 outside
pdm location 11.11.77.0 255.255.255.0 outside
pdm location 192.168.0.200 255.255.255.255 inside
pdm location 192.168.1.0 255.255.255.0 inside
pdm location 192.168.1.0 255.255.255.0 outside
pdm location 11.11.118.45 255.255.255.255 outside
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list 101
nat (inside) 1 192.168.0.0 255.255.255.0 0 0
static (inside,outside) tcp interface 3389 192.168.0.150 3389 netmask 255.255.255.255 0 0
static (inside,outside) udp 11.1177.190 5060 192.168.0.200 5060 netmask 255.255.255.255 0 0
static (inside,outside) tcp 11.1177.190 5060 192.168.0.200 5060 netmask 255.255.255.255 0 0
static (inside,outside) udp 11.1177.190 5061 192.168.0.200 5061 netmask 255.255.255.255 0 0
static (inside,outside) tcp 11.1177.190 5061 192.168.0.200 5061 netmask 255.255.255.255 0 0
static (inside,outside) udp 11.1177.190 4569 192.168.0.200 4569 netmask 255.255.255.255 0 0
static (inside,outside) tcp 11.1177.190 4569 192.168.0.200 4569 netmask 255.255.255.255 0 0
static (inside,outside) udp 11.1177.190 42766 192.168.0.200 42766 netmask 255.255.255.255 0 0
static (inside,outside) tcp 11.1177.190 42766 192.168.0.200 42766 netmask 255.255.255.255 0 0
static (inside,outside) tcp 11.1177.190 8080 192.168.0.200 8080 netmask 255.255.255.255 0 0
static (inside,outside) udp 11.1177.190 8080 192.168.0.200 8080 netmask 255.255.255.255 0 0
static (inside,outside) udp 11.1177.190 5069 192.168.0.200 5069 netmask 255.255.255.255 0 0
static (inside,outside) tcp 11.1177.190 5069 192.168.0.200 5069 netmask 255.255.255.255 0 0
static (inside,outside) udp 11.1177.190 5004 192.168.0.200 5004 netmask 255.255.255.255 0 0
static (inside,outside) tcp 11.1177.190 5004 192.168.0.200 5004 netmask 255.255.255.255 0 0
static (inside,outside) udp 11.1177.190 www 192.168.0.200 www netmask 255.255.255.255 0 0
static (inside,outside) tcp 11.1177.190 www 192.168.0.200 www netmask 255.255.255.255 0 0
static (inside,outside) udp 11.1177.190 5070 192.168.0.200 5070 netmask 255.255.255.255 0 0
static (inside,outside) tcp 11.1177.190 5070 192.168.0.200 5070 netmask 255.255.255.255 0 0
static (inside,outside) udp 11.1177.190 22 192.168.0.200 22 netmask 255.255.255.255 0 0
static (inside,outside) tcp 11.1177.190 ssh 192.168.0.200 ssh netmask 255.255.255.255 0 0
static (inside,outside) udp interface tftp 192.168.0.200 tftp netmask 255.255.255.255 0 0
static (inside,outside) udp interface 5062 192.168.0.200 5062 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 5063 192.168.0.200 5063 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 10000 192.168.0.200 10000 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 8000 192.168.0.200 8000 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 16384 192.168.0.200 16384 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 16385 192.168.0.200 16385 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 16386 192.168.0.200 16386 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 20384 192.168.0.200 20384 netmask 255.255.255.255 0 0
access-group inbound in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 0.0.0.0 0.0.0.0 outside
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set SecuritySet esp-des esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto map rtpmap 1 ipsec-isakmp
crypto map rtpmap 1 match address 102
crypto map rtpmap 1 set peer 11.11.118.45
crypto map rtpmap 1 set transform-set SecuritySet
crypto map rtpmap 1 set security-association lifetime seconds 3600 kilobytes 4608000
crypto map rtpmap interface outside
isakmp enable outside
isakmp key ******** address 11.11.118.45 netmask 255.255.255.255
isakmp identity address
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash sha
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption aes
isakmp policy 20 hash md5
isakmp policy 20 group 5
isakmp policy 20 lifetime 86400
telnet 11.11.77.0 255.255.255.0 outside
telnet 11.11.77.0 255.255.255.255 outside
telnet 11.11.77.190 255.255.255.255 outside
telnet 192.168.0.0 255.255.255.0 inside
telnet 192.168.0.1 255.255.255.255 inside
telnet 11.11.72.0 255.255.255.0 inside
telnet 11.11.72.20 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group Internet request dialout pppoe
vpdn group Internet localname 123@123.COM
vpdn group isp request dialout pppoe
vpdn group isp localname 123@123.COM
vpdn group isp ppp authentication pap
vpdn username 123@123.COM password *********
vpdn username vpn password *********
vpdn enable inside
dhcpd address 192.168.0.100-192.168.0.131 inside
dhcpd dns 202.138.198.10 202.138.194.36
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
terminal width 80
Cryptochecksum:af06415067aaaa431ceab5b587e7b0bd
: end
==========================================

SITE B
Result of firewall command: "SH RUN"

: Saved
:
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password L26XwA9IvJH encrypted
passwd 2KFQI.2KYOU encrypted
hostname Shu
domain-name hop
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
object-group service tri tcp-udp
  port-object range 5060 5063
  port-object range 10000 20000
  port-object range 16384 20384
  port-object eq 69
object-group service UDPList udp
  port-object eq 5060
  port-object eq 8000
  port-object range 16384 20384
access-list inbound permit tcp any any eq 3389
access-list inbound permit tcp any any eq ssh
access-list inbound permit tcp any any eq 5060
access-list inbound permit udp any interface outside object-group trixbox
access-list Inbound permit udp any interface outside object-group trixbox
access-list outbound permit tcp host 192.168.1.200 host 11.11.118.45 eq 4569
access-list outbound permit udp host 192.168.1.200 host 11.11.118.45 eq 4569
access-list outbound permit tcp host 192.168.1.200 host 11.11.118.45 eq 5060
access-list outbound permit udp host 192.168.1.200 host 11.11.118.45 eq 5060
access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list 102 permit ip 192.168.1.0 255.255.255.0 192.168.0.0 255.255.255.0
pager lines 110
mtu outside 1500
mtu inside 1500
ip address outside pppoe setroute
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 192.168.1.0 255.255.255.0 outside
pdm location 192.168.1.0 255.255.255.0 inside
pdm location 192.168.1.0 255.255.255.255 outside
pdm location 192.168.1.1 255.255.255.255 outside
pdm location 192.168.1.1 255.255.255.255 inside
pdm location 192.168.1.0 255.255.255.255 inside
pdm location 11.11.72.0 255.255.255.0 inside
pdm location 192.168.1.150 255.255.255.255 inside
pdm location 11.11.72.0 255.255.255.0 outside
pdm location 11.11.118.45 255.255.255.255 outside
pdm location 11.11.72.20 255.255.255.255 inside
pdm location 192.168.1.9 255.255.255.255 inside
pdm location 11.11.118.0 255.255.255.255 outside
pdm location 11.11.118.0 255.255.255.0 outside
pdm location 192.168.1.200 255.255.255.255 inside
pdm location 192.168.0.0 255.255.255.0 inside
pdm location 11.11.77.190 255.255.255.255 outside
pdm location 192.168.0.0 255.255.255.0 outside
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list 101
nat (inside) 1 192.168.1.0 255.255.255.0 0 0
static (inside,outside) tcp interface 3389 192.168.1.150 3389 netmask 255.255.255.255 0 0
static (inside,outside) udp 11.11.118.45 5060 192.168.1.200 5060 netmask 255.255.255.255 0 0
static (inside,outside) tcp 11.11.118.45 5060 192.168.1.200 5060 netmask 255.255.255.255 0 0
static (inside,outside) udp 11.11.118.45 5061 192.168.1.200 5061 netmask 255.255.255.255 0 0
static (inside,outside) tcp 11.11.118.45 5061 192.168.1.200 5061 netmask 255.255.255.255 0 0
static (inside,outside) udp 11.11.118.45 4569 192.168.1.200 4569 netmask 255.255.255.255 0 0
static (inside,outside) tcp 11.11.118.45 4569 192.168.1.200 4569 netmask 255.255.255.255 0 0
static (inside,outside) udp 11.11.118.45 42766 192.168.1.200 42766 netmask 255.255.255.255 0 0
static (inside,outside) tcp 11.11.118.45 42766 192.168.1.200 42766 netmask 255.255.255.255 0 0
static (inside,outside) tcp 11.11.118.45 8080 192.168.1.200 8080 netmask 255.255.255.255 0 0
static (inside,outside) udp 11.11.118.45 8080 192.168.1.200 8080 netmask 255.255.255.255 0 0
static (inside,outside) udp 11.11.118.45 5069 192.168.1.200 5069 netmask 255.255.255.255 0 0
static (inside,outside) tcp 11.11.118.45 5069 192.168.1.200 5069 netmask 255.255.255.255 0 0
static (inside,outside) udp 11.11.118.45 5004 192.168.1.200 5004 netmask 255.255.255.255 0 0
static (inside,outside) tcp 11.11.118.45 5004 192.168.1.200 5004 netmask 255.255.255.255 0 0
static (inside,outside) udp 11.11.118.45 www 192.168.1.200 www netmask 255.255.255.255 0 0
static (inside,outside) tcp 11.11.118.45 www 192.168.1.200 www netmask 255.255.255.255 0 0
static (inside,outside) udp 11.11.118.45 5070 192.168.1.200 5070 netmask 255.255.255.255 0 0
static (inside,outside) tcp 11.11.118.45 5070 192.168.1.200 5070 netmask 255.255.255.255 0 0
static (inside,outside) udp 11.11.118.45 22 192.168.1.200 22 netmask 255.255.255.255 0 0
static (inside,outside) tcp 11.11.118.45 ssh 192.168.1.200 ssh netmask 255.255.255.255 0 0
static (inside,outside) udp interface tftp 192.168.1.200 tftp netmask 255.255.255.255 0 0
static (inside,outside) udp interface 5062 192.168.1.200 5062 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 5063 192.168.1.200 5063 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 10000 192.168.1.200 10000 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 8000 192.168.1.200 8000 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 16384 192.168.1.200 16384 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 16385 192.168.1.200 16385 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 16386 192.168.1.200 16386 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 20384 192.168.1.200 20384 netmask 255.255.255.255 0 0
access-group inbound in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 0.0.0.0 0.0.0.0 outside
http 192.168.1.1 255.255.255.255 inside
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
sysopt connection permit-pptp
sysopt connection permit-l2tp
crypto ipsec transform-set SecuritySet esp-des esp-sha-hmac
crypto map rtpmap 1 ipsec-isakmp
crypto map rtpmap 1 match address 102
crypto map rtpmap 1 set peer 11.11.77.190
crypto map rtpmap 1 set transform-set SecuritySet
crypto map rtpmap 1 set security-association lifetime seconds 3600 kilobytes 4608000
crypto map rtpmap interface outside
isakmp enable outside
isakmp key ******** address 11.11.77.190 netmask 255.255.255.255
isakmp identity address
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash sha
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
telnet 11.11.118.0 255.255.255.0 outside
telnet 11.11.118.0 255.255.255.255 outside
telnet 11.11.118.45 255.255.255.255 outside
telnet 192.168.1.0 255.255.255.0 inside
telnet 192.168.1.1 255.255.255.255 inside
telnet 11.11.72.0 255.255.255.0 inside
telnet 11.11.72.20 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group Internet request dialout pppoe
vpdn group Internet localname 123@123.COM
vpdn group isp request dialout pppoe
vpdn group isp localname 123@123.COM
vpdn group isp ppp authentication mschap
vpdn username vpn password *********
vpdn username 123@123.com password *********
dhcpd address 192.168.1.100-192.168.1.131 inside
dhcpd dns 11.11.72.68 11.11.72.70
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
terminal width 80
Cryptochecksum:8d338f0c8082b13ec088d335a5e03434
: end