Before implementing IPSEC between two sites with PIX, I am testing first with a PIX501 and a 2600 router. I configured the IPSEC settings on both pieces of equipment and set the peer on each one to the outbound interface of the other. On the PIX501, I enabled the function that bypasses the check for IPSEC traffic. I have just 1 PC, so I connected the PC to the PIX inside interface and created a loopback interface on the 2600 for testing. I can form an IPSEC channel when I initiate IPSEC from the PIX to the 2600: I ping from the PC to the loopback interface of the 2600 and it succeeds. Then I clear the IPSEC channel (I use "clear crypto isakmp" on the router and reboot the PIX), and use extended ping from the router with the loopback interface as the source address to ping the IP of the PC, and it fails. I have checked the access-list and IPSEC peer of the router and PIX, but I think it's all right. Because I lack experience with PIX, can anyone tell me the reason?
When you clear the ISAKMP and IPsec SAs and then try to ping the host behind the PIX 501 from the router using the loopback address as the source, does the tunnel come up?
How does your PIX 501 get a public IP address? Is it a static or a DHCP-assigned one?
When you are not able to bring up the tunnel from the router, what happens if you go to the host behind the PIX and try to ping the loopback address of the router? Does the tunnel come up without any issue?
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...