08-29-2002 01:41 AM - edited 02-21-2020 12:01 PM
Hi Amir,
I have successfully set up an IPSEC VPN with IKE between our PIX 515 and a Netopia 9100 series router at our ISP's end.
I wish to disable interface pinging on the external interface of the PIX and I have used the following commands on the PIX:
Access-list acl_out deny icmp any any
Access-list acl_in deny icmp any any
ICMP deny 192.168.1.4 255.255.255.240 3 outside
This disables the interface to ICMP requests and places it in stealth mode.
However, I then get an issue with the IPSEC tunnel, which I believe times out after a certain amount of time being idle. The tunnel is unable to re-establish unless I remove the ICMP deny command from the PIX.
Can you please give me some pointers?
Apologies if this is a simple thing but I am new to Cisco commands and I am following the manual for this configuration.
Regards
Jamal
09-05-2002 12:46 AM
Hi Jamal,
Sorry for the delay in the response, I was out on training.
Anyhow, this seems to be a specific issue which will need to be troubleshot, and specific debug information will be needed to see what's going on here. I think the fastest way to get a solution on this would be to open a TAC case to have an engineer troubleshoot this for you.
Regards,
Aamir
09-09-2002 01:14 AM
Hi Amir,
Thanks for the reply. I have managed to get traffic passing across the VPN; I found that I had not added a route to my Windows 2000 client.
I have a new problem in that I am unable to initiate the connection from my end (PIX end). The ASP whose Netopia router I am connecting to has to ping my internal address, and the IPSEC tunnel becomes active with a status of QM_IDLE.
If I try to initiate the connection from the PIX end, I get a tunnel status of MM_NO_STATE and the IPSEC tunnel does not negotiate a connection.
Your help is very much appreciated.
Jamal