12-05-2006 08:36 AM - edited 03-11-2019 02:04 AM
Hi,
I am a newcomer to Cisco PIXes and I am trying to set up an IPsec VPN between 2 sites. I can't seem to get the VPN tunnel up. Attached are the 2 configs.
Any advice would be very much appreciated.
Thanks in advance.
12-05-2006 08:51 AM
A small topology diagram would help. Here's a starter.
Site A Pix needs
nat (inside) 0 access-list 100
Site B Pix
crypto map newmap 40 match address 140 (NOT 150; access-list 150 does not exist)
nat (inside) 0 access-list 100
12-05-2006 08:55 AM
Paul,
On FORUM SitA Pix, add the below lines to the configuration.
nat (inside) 0 access-list 100
On FORUM SitB Pix, reconfigure the match address from
crypto map newmap 40 match address 150
To
crypto map newmap 40 match address 140
And if you want to allow FORUM Site B users to have internet access, then you need to configure NAT for NATting all internet traffic and NAT 0 to bypass NAT for IPsec traffic.
For example:
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
nat (inside) 0 access-list 100
After you make the above configuration changes, do a clear xlate, clear cry is sa and clear cry ipsec sa and then bring up the tunnel.
Let me know how it goes.
I hope it helps.
Regards,
Arul
** Please rate all helpful posts **
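The two faults pointed out in the replies above (a crypto map bound to an access-list that does not exist, and a missing nat 0 exemption for tunnel traffic) can be checked mechanically before bringing the tunnel up. The Python sketch below is an added example, not part of any poster's reply; the sample configuration, its addresses and the function names audit_pix_vpn and apply_thread_fix are constructed for illustration, and it goes slightly beyond the thread by also checking that every crypto ACL entry appears in a nat 0 ACL.

```python
import re

# Constructed sample: a Site B style PIX config showing the two faults from
# the thread. Addresses are placeholders, not taken from the poster's configs.
SITE_B_BROKEN = """\
access-list 100 permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list 140 permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
crypto map newmap 40 ipsec-isakmp
crypto map newmap 40 match address 150
crypto map newmap 40 set peer 203.0.113.1
crypto map newmap interface outside
"""

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+permit\s+(.+)$")
MATCH_RE = re.compile(r"^crypto map\s+(\S+)\s+(\d+)\s+match address\s+(\S+)$")
NAT0_RE = re.compile(r"^nat\s+\((\S+)\)\s+0\s+access-list\s+(\S+)$")

def audit_pix_vpn(config):
    """Return findings about crypto-map and NAT 0 access-list problems."""
    acls, crypto, nat0 = {}, [], []
    for line in (raw.strip() for raw in config.splitlines()):
        if m := ACL_RE.match(line):
            acls.setdefault(m[1], set()).add(" ".join(m[2].split()))
        elif m := MATCH_RE.match(line):
            crypto.append((m[1], m[2], m[3]))
        elif m := NAT0_RE.match(line):
            nat0.append(m[2])
    findings = [f"crypto map {n} {s}: access-list {a} does not exist"
                for n, s, a in crypto if a not in acls]
    findings += [f"nat 0: access-list {a} does not exist"
                 for a in nat0 if a not in acls]
    if nat0:
        # Assumption: exact-entry comparison only, no subnet containment logic.
        exempt = set().union(*(acls.get(a, set()) for a in nat0))
        for n, s, a in crypto:
            for entry in sorted(acls.get(a, set()) - exempt):
                findings.append(f"crypto map {n} {s}: '{entry}' not in any nat 0 ACL")
    else:
        findings.append("no 'nat (<if>) 0 access-list' rule: no NAT exemption for tunnel traffic")
    return findings

def apply_thread_fix(config):
    """Apply the two changes suggested in the replies to the sample config."""
    fixed = config.replace("match address 150", "match address 140")
    return fixed + "nat (inside) 0 access-list 100\n"
```
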
12-05-2006 08:55 AM
Hi
Take a look at the following document - very good to get you going:
Hope this helps and please rate posts!