Thank I was waiting for some feedback !

I did tried with the loopback and it didn`t work but one think was different from the document you refered; I added an ipx network to the loopback adresse. I will try without but I don`t think it will work better.

As soon as you have a tunnel ipx routing information do not pass trough the tunnel so a client can`t reach a novel server...

Ch

Thanks for your help

No I can`t ping tunnel interface.

router 1

#show ipx interface tunnel 300

Tunnel300 is up, line protocol is up

IPX address is 19.0060.8325.b480 [up]

outside interface

--------PIX--------

inside interface

router 2

#show ipx interface tunnel 30019.00d0.057c.8bfc

Tunnel300 is up, line protocol is up

IPX address is 19.00d0.057c.8bfc [up]

#show ipx route

C 19 (TUNNEL), Tu300

C 25 (NOVELL-ETHER), Vl10

On router 2, I can`t ping the other end of the tunnel which is 19.0060.8325.b480. Same thing the other way around. Again on router 2 I can ping the ipx interface of the ipx network 25 define locally.

I did notice on my pix that the source address of the GRE can be any ip address. I was sure that the source IP address could only be 10.137.248.1 for a paquet originating from router 1 to router 2.

I had to change my ACL on the pix for permit gre XX.XX.0.0 255.255.0.0 host 10.137.253.1 I was sure this was the problem but I still can`t ping

Ch

I did not mean can you ping the tunnel interface , I meant from router 1 can you ping 10.137.248.1 sourcing your ping from vlan253 . If you can't I beleive this is your problem . Also from router 2 try to ping 10.137.253.1 sourcing from vlan 248

I can ping each interface router ! I checked in the Pix in debug mode and no error or acl seem to block these adresses or the tunnel. I have no clue why I can`t tunnel IPX ! I might be missing something about IPX I am not a guru. It should be a simple cisco config recipe but any way.

There is not much info about tunnel interface in general and all exemple are about IPSEC, ISDN. I will have to read more about it and try it again later

I give up and I will find a workaround for now! Thanks for the help!

ch

Hi,

Have you permitted using a conduit or acl in the pix, allowing GRE tunnel traffic from outside to inside (router 1 to router2) ?

The acl will look something like this

access-list 101 permit gre host 10.137.248.1 host 10.137.253.1

access-list 101 in interface outside

Hope that helps!@

Yes I did the acl in the PIX ! Still doesn`t work!

I will find out one day but for the moment I need to migrate station so an easy workaround is to link the two router together with a vlan. The interfaces have only IPX defined so it work.

I know I bypass my firewall but since it only temporary I will live with it.

Thanks for all the helps, very appreciated! I will work on that problem and see what wrong later! I will let you know if one day I make it work.

Ch