Hi, hope someone can help with this. I am trying to establish a site-to-site tunnel between an IOS router and a PIX 7.0(1). The IOS router is 12.4(15)T7. At the IOS router side I have configured a static 1 to 1 NAT to translate the 172.31.x.x source address to 172.30.x.x, the crypto's at both sides of the tunnel are configured for 172.30.x.x subnet. What I can see happening is the tunnel being established, the IOS router encaps/decaps packets, but the counter on the PIX side is only encapsulating packets, absolutely none are being decapsulated. So it looks like the PIX is sending packets, the IOS router is sending and receiving them...
The relevant info in the configs is below, any suggestions would be welcome.
ip access-list extended CRYPTO
 permit ip 172.30.0.0 0.0.255.255 192.168.0.0 0.0.255.255
 permit ip 172.30.0.0 0.0.255.255 10.0.0.0 0.255.255.255
Since the PIX is encapsulating and the IOS is encapsulating and decapsulating traffic, it suggests to me that there may be a firewall blocking ESP over UDP traffic (inbound on the filtering device in the transit path) from the IOS back to the PIX, hence the PIX has no packets to decapsulate.
Thanks for getting back to me. I've checked the config of the Internet-facing router and there is no port filtering. At present, I have VPN clients that can connect to the PIX for remote access. I still cannot see how the PIX is either not receiving packets from the IOS router, or is receiving them and not identifying them as being to/from an established VPN tunnel...
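The counter comparison this thread relies on, as an added example that is not part of any poster's message: it parses the encaps/decaps lines of `show crypto ipsec sa` from both peers and reports the direction in which encrypted packets are sent but never decapsulated. The sample output and counter values are constructed, and the function names are hypothetical.

```python
import re

# Constructed excerpts in the style of `show crypto ipsec sa`.
# Counter values are made up to match the symptom described in the thread.
PIX_SA = """\
      local ident (addr/mask/prot/port): (192.168.0.0/255.255.0.0/0/0)
      remote ident (addr/mask/prot/port): (172.30.0.0/255.255.0.0/0/0)
      #pkts encaps: 57, #pkts encrypt: 57, #pkts digest: 57
      #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
"""
IOS_SA = """\
   local  ident (addr/mask/prot/port): (172.30.0.0/255.255.0.0/0/0)
   remote ident (addr/mask/prot/port): (192.168.0.0/255.255.0.0/0/0)
    #pkts encaps: 41, #pkts encrypt: 41, #pkts digest: 41
    #pkts decaps: 57, #pkts decrypt: 57, #pkts verify: 57
"""

COUNTER = re.compile(r"#pkts (encaps|decaps):\s*(\d+)")


def sa_counters(text):
    """Sum the encaps/decaps counters across every SA in the pasted output."""
    totals = {"encaps": 0, "decaps": 0}
    for name, value in COUNTER.findall(text):
        totals[name] += int(value)
    return totals


def lost_direction(a_name, a_text, b_name, b_text):
    """List directions where one peer encapsulates but the other never decapsulates."""
    a, b = sa_counters(a_text), sa_counters(b_text)
    lost = []
    if a["encaps"] > 0 and b["decaps"] == 0:
        lost.append(f"{a_name} -> {b_name}")
    if b["encaps"] > 0 and a["decaps"] == 0:
        lost.append(f"{b_name} -> {a_name}")
    return lost


if __name__ == "__main__":
    # The PIX sends and the IOS router receives, but nothing the IOS router
    # sends is ever decapsulated on the PIX.
    print(lost_direction("PIX", PIX_SA, "IOS", IOS_SA))
```

The reported direction only says where packets go missing; whether they are dropped in transit or arrive and fail to match an SA still has to be checked on the receiving peer.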