I recently set up a site-to-site VPN between a PIX 515 running 6.3(5) and a Juniper NetScreen. The tunnel was configured to only allow communication between two hosts, one on each end of the tunnel. Then the client wanted to move the host behind the PIX to their DMZ. We made the appropriate changes to the nat0 and match address list ACLs, but now it stopped working.
When I do a sh crypto ipsec sa, I get decaps and decrypt packets, but no encaps and encrypt packets. A sh isakmp sa shows an active tunnel between the two endpoints.
I'm not sure where to look from here. Haven't found anything on Google.
Here's the current output from sh crypto ipsec sa:
local ident (addr/mask/prot/port): (192.168.210.50/255.255.255.255/0/0)