Cannot get end to end vpn to work between ASA5510 and PIX506
Hello all, I am sure I am close, but I am missing something. I have an ASA5510 that does client VPNs with radius authentication as well as 1 end for a VPN tunnel to a Pix 506. The client vpn works great, and there are no issues. The device tunnel is a different story. I cannot get traffic to go accross the vpn tunnel between the ASA and the 506 from either side. I have verified that clients behind both firewalls can get to the internet. My configs are below. Your help is greatly appreciated.
THe lan side of the ASA is 192.168.1.0. The lan side of the PIx506 is 10.20.30.0
access-list Inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.20.30.0 255.255.255.0
access-list split_tunnel standard permit 192.168.1.0 255.255.255.0
access-list sb_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
access-list outside_cryptomap_dyn_20 extended permit ip any 10.2.2.0 255.255.255.0
access-list outside_cryptomap_20 extended permit ip 192.168.1.0 255.255.255.0 10.20.30.0 255.255.255.0
Re: Cannot get end to end vpn to work between ASA5510 and PIX506
hi .. teh config seems OK .. are you able to ping each other 's public interfaces ..? please allow this on each outside interfaces to make sure reacheability is OK .. if they can then .. do a debug crypto isakmp and debug crypto ipsec on both ( ASA and PIxes ) and post the output
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...