Cisco Support Community
New Member

ASA to PIX506

I have the strangest problem. I've been trying the last couple days to get this l2l tunnel up. I think it's up now as I do a "show crypto isakmp" and I do see it there but for the life of me I cannot ping any of the Inside LANs...

10.242.5.0 <-------->Public IP to Public IP<---------->10.242.35.0

I can't ping anything from 10.242.5.0 to 10.242.35.0......and vice versa. I have a suspicion about my ACLs between the units; maybe someone can verify.

10.242.35.0

access-list burl###### extended permit ip 10.242.35.0 255.255.255.0 10.242.5.0 255.255.255.0
access-list nonat extended permit ip 10.242.35.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list nonat extended permit ip 10.242.35.0 255.255.255.0 10.242.5.0 255.255.255.0
access-list outside_acl extended permit icmp any any unreachable
access-list outside_acl extended permit icmp any any echo-reply
access-list outside_acl extended permit icmp any any time-exceeded
access-list sun#### extended permit ip 10.242.35.0 255.255.255.0 192.168.0.0 255.255.255.0

10.242.5.0

access-list nonat permit ip 10.242.5.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list nonat permit ip 10.242.5.0 255.255.255.0 10.242.1.0 255.255.255.0
access-list nonat permit ip 10.242.5.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list nonat permit ip 10.242.5.0 255.255.255.0 10.242.10.0 255.255.255.0
access-list nonat permit ip 10.242.5.0 255.255.255.0 10.242.15.0 255.255.255.0
access-list nonat permit ip 10.242.5.0 255.255.255.0 10.242.20.0 255.255.255.0
access-list nonat permit ip 10.242.5.0 255.255.255.0 10.242.25.0 255.255.255.0
access-list nonat permit ip 10.242.5.0 255.255.255.0 10.161.48.0 255.255.240.0
access-list nonat permit ip 10.242.5.0 255.255.255.0 10.242.35.0 255.255.255.0
access-list bos##### permit ip 10.242.5.0 255.255.255.0 10.242.35.0 255.255.255.0
access-list outside_cryptomap_60 permit ip 10.242.5.0 255.255.255.0 10.242.35.0 255.255.255.0
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any time-exceeded
access-list 100 permit icmp any any unreachable

1 REPLY
Anonymous
N/A

Re: ASA to PIX506

Make sure the ACE [Access Control Entry] is added to the access list. This has been an issue for being unable to ping my local resources.
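One way to verify the ACLs between the two units, as the original post asks: an added example, not part of the thread, that checks each crypto ACL entry has a mirrored entry on the peer and a matching NAT exemption. The function names are hypothetical, and the post does not show which ACL each crypto map references, so the ACL names passed in are assumptions.

```python
import ipaddress
import re

# "access-list NAME [extended] permit ip SRC MASK DST MASK" (ASA and PIX 6.x forms).
# Entries using "any", "host" or object groups are skipped by this sketch.
ACE = re.compile(
    r"^access-list (\S+) (?:extended )?permit ip ([\d.]+) ([\d.]+) ([\d.]+) ([\d.]+)$")

def parse(config):
    """Return {acl_name: [(src_net, dst_net), ...]} for network/mask entries."""
    acls = {}
    for line in config.splitlines():
        m = ACE.match(line.strip())
        if m:
            name, src, smask, dst, dmask = m.groups()
            acls.setdefault(name, []).append(
                (ipaddress.ip_network(f"{src}/{smask}"),
                 ipaddress.ip_network(f"{dst}/{dmask}")))
    return acls

def check_peer(local, remote, crypto_local, crypto_remote, nonat="nonat"):
    """Problems seen from the local unit: missing mirror entry or NAT exemption."""
    if crypto_local not in local:
        return [f"{crypto_local}: no permit ip entries found"]
    problems = []
    mirrored = {(dst, src) for src, dst in remote.get(crypto_remote, [])}
    for src, dst in local[crypto_local]:
        if (src, dst) not in mirrored:
            problems.append(f"{crypto_local}: {src} -> {dst} not mirrored on peer")
        if not any(src.subnet_of(s) and dst.subnet_of(d)
                   for s, d in local.get(nonat, [])):
            problems.append(f"{nonat}: {src} -> {dst} not exempt from NAT")
    return problems

# Lines copied from the post. Which ACL each crypto map references is not shown
# in the post, so the two names passed below are assumptions.
ASA = """
access-list burl###### extended permit ip 10.242.35.0 255.255.255.0 10.242.5.0 255.255.255.0
access-list nonat extended permit ip 10.242.35.0 255.255.255.0 10.242.5.0 255.255.255.0
"""
PIX = """
access-list nonat permit ip 10.242.5.0 255.255.255.0 10.242.35.0 255.255.255.0
access-list outside_cryptomap_60 permit ip 10.242.5.0 255.255.255.0 10.242.35.0 255.255.255.0
"""

if __name__ == "__main__":
    asa, pix = parse(ASA), parse(PIX)
    print(check_peer(asa, pix, "burl######", "outside_cryptomap_60"))
    print(check_peer(pix, asa, "outside_cryptomap_60", "burl######"))
```

Both calls return an empty list for the lines as posted; an entry whose source and destination are not the exact reverse of the peer's, or that the local nonat ACL does not cover, is reported by name.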
