06-10-2006 07:17 AM - edited 02-21-2020 02:28 PM
I am trying to set up my first 501 to 501 VPN and I'm having some difficulties. I have attached both configs. Site A is a PIX dedicated to this VPN, and Site B is the remote site's primary firewall. Any help would be greatly appreciated!! I am setting this up for VoIP. Thanks!!!
06-11-2006 07:55 AM
I have the following observations regarding your configuration of the PIX 501 at site A:
1) There is no default route. You probably require this to establish reachability to the other PIX.
2) You have an access-list 101 bound to your outside interface but no such access-list is configured.
3) You have a route configured for NEX-MIA but you do not require this as all traffic to NEX-MIA will be encrypted and sent over the tunnel. Please remove this route statement.
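The three checks from the reply above, run over a PIX 6.x-style config as an added example that is not part of the original thread. The sample config, its addresses, ACL number 110 and the crypto map name `vpnmap` are constructed; only NEX-MIA and the reference to access-list 101 come from the thread, and the crypto ACL parser assumes the simple `permit ip <src> <mask> <dst> <mask>` form.

```python
# Constructed sample in PIX 6.x syntax; addresses and ACL 110 are made up.
SAMPLE_CONFIG = """\
name 10.20.0.0 NEX-MIA
access-list 110 permit ip 192.168.1.0 255.255.255.0 NEX-MIA 255.255.255.0
access-group 101 in interface outside
route outside NEX-MIA 255.255.255.0 203.0.113.1 1
sysopt connection permit-ipsec
crypto map vpnmap 10 ipsec-isakmp
crypto map vpnmap 10 match address 110
crypto map vpnmap 10 set peer 198.51.100.2
"""

def lint_pix_config(text):
    """Return findings for the three problems listed in the reply above."""
    lines = [l.split() for l in text.splitlines() if l.strip()]
    defined_acls = {t[1] for t in lines if t[0] == "access-list" and len(t) > 2}
    routes = [t for t in lines if t[0] == "route" and len(t) >= 5]
    findings = []

    # 1) A default route is needed to reach the remote peer.
    if not any(t[2] in ("0.0.0.0", "0") and t[3] in ("0.0.0.0", "0") for t in routes):
        findings.append("no default route")

    # 2) access-group must reference an access-list that actually exists.
    for t in lines:
        if t[0] == "access-group" and len(t) > 1 and t[1] not in defined_acls:
            findings.append(f"access-group {t[1]} has no matching access-list")

    # 3) Static routes to networks the crypto ACL already selects for the tunnel.
    crypto_acls = {t[-1] for t in lines
                   if t[:2] == ["crypto", "map"] and t[-3:-1] == ["match", "address"]}
    protected = set()
    for t in lines:
        # Assumption: simple form "permit ip <src> <mask> <dst> <mask>".
        if len(t) == 8 and t[0] == "access-list" and t[1] in crypto_acls \
                and t[2:4] == ["permit", "ip"]:
            protected.add((t[6], t[7]))
    for t in routes:
        if (t[2], t[3]) in protected:
            findings.append(f"route to {t[2]} duplicates crypto ACL destination")
    return findings

if __name__ == "__main__":
    for finding in lint_pix_config(SAMPLE_CONFIG):
        print(finding)
```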
06-11-2006 09:56 AM
I have completely re-built the 501 at site A. I can now successfully connect and route to site B, but when I try to route from site B back to A I am unsuccessful.
Any suggestions on site B? Thanks!!!
06-11-2006 09:57 AM
Sorry... hit post too quick! Here are the attachments.
06-11-2006 07:22 PM
What tests are you performing that are failing? At first glance everything seems to be in order on your PIX 501 - Site B.
06-12-2006 03:42 AM
I attempted to FTP to a server on site A and to ping a server on site A. I do not need access list entries for these items since I am going over VPN... correct?
06-12-2006 03:55 AM
Yes, the 'sysopt connection permit-ipsec' statement ensures that all decrypted traffic does not have to be checked against the ACLs.
So you are able to connect to Site B from Site A but the other way is not happening ... correct? Have you tried accessing multiple servers in Site A?
06-12-2006 04:07 AM
Well I can't believe that I didn't check other servers, but I must not have since I can ping any other one... I will have to try and figure out what is going on with this particular server. Thanks for confirming that everything was ok with my configs!
06-12-2006 06:22 AM
Check to see if this server has a firewall enabled that is preventing ping requests and other connection requests. Glad to hear everything is working fine.
Please rate helpful posts.