New Member

FreeSwan - PIX no ping answer

I have already established a VPN connection from a FreeSwan box to my PIX but the remote end cannot ping or access my network.

The config is like this:

access-list 200 permit ip host x.x.x.x y.y.y.y 255.255.255.0 (hitcnt=0)

access-list 210 permit ip host x.x.x.x y.y.y.y 255.255.255.0 (hitcnt=14)

nat (inside) 0 access-list 200

Crypto Map "newmap" 20 ipsec-isakmp

Peer = yy.yy.yy.yy

access-list 210; 1 elements

access-list 210 permit ip host x.x.x.x y.y.y.y 255.255.255.0 (hitcnt=14)

Current peer: yy.yy.yy.yy

Security association lifetime: 4608000 kilobytes/28800 seconds

PFS (Y/N): N

Transform sets={ myset, }

Any ideas?

Thank you.

2 REPLIES
Silver

Re: FreeSwan - PIX no ping answer

It is hard for me to tell where the problem could be. Generally, check the following:

1. Are you allowing ICMP echo and echo reply packets through the PIX?

2. Is your VPN up and running? That is, do all your transform sets match, and are the access-lists mirrored at both ends?

3. Check if the routing is working. You may check this before configuring VPN.

New Member

Re: FreeSwan - PIX no ping answer

Hi,

I had to change from SHA to MD5 and everything worked fine.

Thank you.
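Added example, not written by any poster in this thread: a small offline check for item 2 of the first reply (matching transform sets, mirrored access-lists) that also flags the kind of SHA/MD5 difference the last reply mentions. The addresses, the transform-set line and the `PEER` dictionary format are constructed assumptions; only the `access-list` layout with `(hitcnt=N)` follows the output shown above.

```python
import ipaddress
import re

# Constructed sample (not from the thread): PIX lines, with "show" hit counters.
PIX_CONFIG = """\
access-list 210 permit ip host 192.0.2.10 10.20.30.0 255.255.255.0 (hitcnt=14)
crypto ipsec transform-set myset esp-3des esp-sha-hmac
"""
# Hypothetical description of the remote gateway's side of the same tunnel.
PEER = {"local": "10.20.30.0/24", "remote": "192.0.2.10/32",
        "cipher": "3des", "hash": "md5"}

PIX_NAMES = {"esp-des": ("cipher", "des"), "esp-3des": ("cipher", "3des"),
             "esp-md5-hmac": ("hash", "md5"), "esp-sha-hmac": ("hash", "sha")}

def parse_endpoint(tokens):
    """Consume one PIX ACL address: 'host A', 'any' or 'A MASK'."""
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False), tokens[2:]

def parse_pix(config, acl):
    """Return (selectors of the given ACL, {transform-set name: {kind: alg}})."""
    selectors, sets = [], {}
    for line in config.splitlines():
        t = re.sub(r"\(hitcnt=\d+\)\s*$", "", line).split()
        if t[:4] == ["access-list", acl, "permit", "ip"]:
            src, rest = parse_endpoint(t[4:])
            selectors.append((src, parse_endpoint(rest)[0]))
        elif t[:3] == ["crypto", "ipsec", "transform-set"]:
            sets[t[3]] = dict(PIX_NAMES[x] for x in t[4:] if x in PIX_NAMES)
    return selectors, sets

def check_tunnel(config, acl, set_name, peer):
    """List mismatches between the PIX crypto settings and the peer's."""
    selectors, sets = parse_pix(config, acl)
    problems = []
    # Mirrored means: PIX source == peer's remote, PIX destination == peer's local.
    mirror = (ipaddress.ip_network(peer["remote"]), ipaddress.ip_network(peer["local"]))
    if mirror not in selectors:
        problems.append(f"access-list {acl} is not the mirror of the peer's selectors")
    ours = sets.get(set_name, {})
    for kind in ("cipher", "hash"):
        if ours.get(kind) != peer[kind]:
            problems.append(f"{kind} mismatch: PIX {ours.get(kind)} vs peer {peer[kind]}")
    return problems

if __name__ == "__main__":
    for p in check_tunnel(PIX_CONFIG, "210", "myset", PEER):
        print(p)
```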
