cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
207
Views
0
Helpful
1
Replies

ASA to PIX506

vlade_osu
Level 1
Level 1

I have the strangest problem. I've been trying the last couple days to get this

l2l tunnel up. I think it's up now as I do a "show crypto isakmp" and I do see

it there but for the life of me I cannot ping any of the Inside LANs...

10.242.5.0 <-------->Public IP to Public IP<---------->10.242.35.0

I can't ping anything from 10.242.5.0 to 10.242.35.0......and visa versa. I have

a suspicious of my ACLs between the units maybe someone can verify.

10.242.35.0

access-list burl###### extended permit ip 10.242.35.0 255.255.255.0 10.242.5.0 255.255.255.0

access-list nonat extended permit ip 10.242.35.0 255.255.255.0 192.168.0.0 255.255.255.0

access-list nonat extended permit ip 10.242.35.0 255.255.255.0 10.242.5.0 255.255.255.0

access-list outside_acl extended permit icmp any any unreachable

access-list outside_acl extended permit icmp any any echo-reply

access-list outside_acl extended permit icmp any any time-exceeded

access-list sun#### extended permit ip 10.242.35.0 255.255.255.0 192.168.0.0 255.255.255.0

10.242.5.0

access-list nonat permit ip 10.242.5.0 255.255.255.0 192.168.0.0 255.255.255.0

access-list nonat permit ip 10.242.5.0 255.255.255.0 10.242.1.0 255.255.255.0

access-list nonat permit ip 10.242.5.0 255.255.255.0 192.168.20.0 255.255.255.0

access-list nonat permit ip 10.242.5.0 255.255.255.0 10.242.10.0 255.255.255.0

access-list nonat permit ip 10.242.5.0 255.255.255.0 10.242.15.0 255.255.255.0

access-list nonat permit ip 10.242.5.0 255.255.255.0 10.242.20.0 255.255.255.0

access-list nonat permit ip 10.242.5.0 255.255.255.0 10.242.25.0 255.255.255.0

access-list nonat permit ip 10.242.5.0 255.255.255.0 10.161.48.0 255.255.240.0

access-list nonat permit ip 10.242.5.0 255.255.255.0 10.242.35.0 255.255.255.0

access-list bos##### permit ip 10.242.5.0 255.255.255.0 10.242.35.0 255.255.255.0

access-list outside_cryptomap_60 permit ip 10.242.5.0 255.255.255.0 10.242.35.0 255.255.255.0

access-list 100 permit icmp any any echo-reply

access-list 100 permit icmp any any time-exceeded

access-list 100 permit icmp any any unreachable

1 Reply 1

Not applicable

Make sure the ACE [Access Control Entry] is added to the Access list . This has been an issue for being unable to ping my local resources.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: