Cisco Support Community
New Member

IPSEC - Pix to VPN

I have created an access-list that provides access from portions of this subnetted network 172.16.15.0/21 across an IPSEC tunnel to a 172.16.0.0/21 network. I cannot access any port across the IPSEC tunnel except ICMP dst ports. Here is my PIX ACL:

access-list 101 permit ip 172.16.10.0 255.255.255.0 172.16.2.0 255.255.255.0

access-list 101 permit ip 172.16.10.0 255.255.255.0 172.16.1.0 255.255.255.0

access-list 101 permit ip 172.16.8.0 255.255.255.0 172.16.2.0 255.255.255.0

access-list 101 permit ip 172.16.8.0 255.255.255.0 172.16.1.0 255.255.255.0

access-list 101 permit ip 172.16.8.0 255.255.255.0 172.16.4.0 255.255.255.0

access-list 101 permit ip 172.16.8.0 255.255.255.0 172.16.5.0 255.255.255.0

access-list 101 permit ip 172.16.8.0 255.255.255.0 172.16.6.0 255.255.255.0

access-list 101 permit ip 172.16.8.0 255.255.255.0 172.16.7.0 255.255.255.0

access-list 101 permit ip 172.16.10.0 255.255.255.0 172.16.4.0 255.255.255.0

access-list 101 permit ip 172.16.10.0 255.255.255.0 172.16.5.0 255.255.255.0

access-list 101 permit ip 172.16.10.0 255.255.255.0 172.16.6.0 255.255.255.0

access-list 101 permit ip 172.16.10.0 255.255.255.0 172.16.7.0 255.255.255.0

access-list 101 permit ip 63.97.183.0 255.255.255.0 172.16.4.0 255.255.255.0

access-list 101 permit ip 63.97.183.0 255.255.255.0 172.16.2.0 255.255.255.0

1 REPLY
New Member

Re: IPSEC - Pix to VPN

I guess you checked that the tunnel is up and that the traffic is running through it? (sh isakmp sa + traceroute)

Have you connected the access-list 101 to the crypto map? (basic, I know)

Have you added the access-list 101 to a NAT 0 statement? (if you use NAT0)

Make sure that the opposite access-list (on the other device) is the same as on this one (with the source and destination switched).
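The mirror check from the last point of the reply, as an added example that is not part of the original thread: it parses `permit ip` entries in the form posted above, swaps source and destination on the peer side, and reports entries that do not match. The peer ACL, its number 110 and the function names are constructed for illustration; only the local entries come from the post.

```python
import ipaddress

# Constructed sample: three entries taken from the ACL posted above (local side).
LOCAL_ACL = """\
access-list 101 permit ip 172.16.10.0 255.255.255.0 172.16.2.0 255.255.255.0
access-list 101 permit ip 172.16.8.0 255.255.255.0 172.16.4.0 255.255.255.0
access-list 101 permit ip 63.97.183.0 255.255.255.0 172.16.4.0 255.255.255.0
"""

# Constructed peer ACL (hypothetical): first entry correctly mirrored,
# second entry copied without swapping, third entry missing.
PEER_ACL = """\
access-list 110 permit ip 172.16.2.0 255.255.255.0 172.16.10.0 255.255.255.0
access-list 110 permit ip 172.16.8.0 255.255.255.0 172.16.4.0 255.255.255.0
"""

def parse_acl(text):
    """Return the set of (source, destination) networks from 'permit ip' lines."""
    pairs = set()
    for line in text.splitlines():
        tok = line.split()
        # Only this form is handled:
        # access-list <id> permit ip <src> <mask> <dst> <mask>
        if len(tok) != 8 or tok[0] != "access-list" or tok[2:4] != ["permit", "ip"]:
            continue
        src = ipaddress.ip_network(f"{tok[4]}/{tok[5]}", strict=False)
        dst = ipaddress.ip_network(f"{tok[6]}/{tok[7]}", strict=False)
        pairs.add((src, dst))
    return pairs

def mirror_report(local_text, peer_text):
    """Compare the local ACL with the peer ACL after swapping the peer's src/dst."""
    local = parse_acl(local_text)
    peer_swapped = {(dst, src) for src, dst in parse_acl(peer_text)}
    return {
        # Local traffic selectors the peer has no matching entry for.
        "missing_on_peer": sorted(local - peer_swapped),
        # Peer entries (seen from the local side) with no local counterpart.
        "extra_on_peer": sorted(peer_swapped - local),
    }

if __name__ == "__main__":
    for kind, pairs in mirror_report(LOCAL_ACL, PEER_ACL).items():
        for src, dst in pairs:
            print(f"{kind}: local {src} -> remote {dst}")
```
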
