
PIX 501 to 501 vpn

rmeder
Level 1

I am trying to set up my first 501 to 501 vpn and I'm having some difficulties. I have attached both configs. Site A is a PIX dedicated to this VPN, and Site B is the remote site's primary firewall. Any help would be greatly appreciated!! I am setting this up for VoIP. Thanks!!!


atif.awan
Level 3

I have the following observations regarding your configuration of pix 501 at site A:

1) There is no default route. You probably require this to establish reachability to the other PIX.

2) You have an access-list 101 bound to your outside interface but no such access-list is configured.

3) You have a route configured for NEX-MIA but you do not require this as all traffic to NEX-MIA will be encrypted and sent over the tunnel. Please remove this route statement.
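
Editor's added example (not part of the thread or of either attached config): a small Python audit that checks a PIX 6.x style configuration for the three issues listed in the reply above. The sample config, ACL 110, the crypto map name `vpnmap` and the 203.0.113.1 gateway are constructed for illustration; only ACL 101 and the name NEX-MIA come from the thread, and the check assumes crypto ACL entries in network/mask form.

```python
import re

# Constructed sample in PIX 6.x syntax; addresses and names are illustrative only.
SAMPLE_CONFIG = """\
name 192.168.20.0 NEX-MIA
access-list 110 permit ip 192.168.10.0 255.255.255.0 NEX-MIA 255.255.255.0
access-group 101 in interface outside
route outside NEX-MIA 255.255.255.0 203.0.113.1 1
crypto map vpnmap 10 match address 110
"""

def audit_pix_config(text):
    """Return a list of findings for the three issues raised in the reply."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    defined_acls = {m.group(1) for l in lines
                    if (m := re.match(r"access-list (\S+) ", l))}
    findings = []

    # 1) Default route: "route <if> 0.0.0.0 0.0.0.0 <gw>" or the short form "0 0"
    if not any(re.match(r"route \S+ (0\.0\.0\.0 0\.0\.0\.0|0 0) ", l) for l in lines):
        findings.append("no default route")

    # 2) access-group bound to an ACL that is never defined
    for l in lines:
        m = re.match(r"access-group (\S+) in interface (\S+)", l)
        if m and m.group(1) not in defined_acls:
            findings.append(f"access-group {m.group(1)} on {m.group(2)}: ACL not defined")

    # 3) Static route to a network the crypto ACL already sends over the tunnel
    crypto_acls = {m.group(1) for l in lines
                   if (m := re.match(r"crypto map \S+ \d+ match address (\S+)", l))}
    tunnel_dests = set()
    for l in lines:
        m = re.match(r"access-list (\S+) permit ip \S+ \S+ (\S+) \S+", l)
        if m and m.group(1) in crypto_acls:
            tunnel_dests.add(m.group(2))
    for l in lines:
        m = re.match(r"route \S+ (\S+) \S+ \S+", l)
        if m and m.group(1) in tunnel_dests:
            findings.append(f"static route to tunnel destination {m.group(1)}")
    return findings

if __name__ == "__main__":
    for finding in audit_pix_config(SAMPLE_CONFIG):
        print(finding)
```
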

I have completely re-built the 501 at site A. I can now successfully connect and route to site B, but when I try to route from site B back to A I am unsuccessful.

Any suggestions on site B? Thanks!!!

Sorry... hit post too quick! Here are the attachments.

What tests are you performing that are failing? At a first glance everything seems to be in order on your Pix 501 - Site B.

I attempted to FTP to a server on site A and to ping a server on site A. I do not need access list entries for these items since I am going over VPN... correct?

Yes the 'sysopt connection permit-ipsec' statement ensures that all decrypted traffic does not have to be checked against the ACLs.

So you are able to connect to Site B from Site A but the other way is not happening ... correct? Have you tried accessing multiple servers in Site A?

Well I can't believe that I didn't check other servers, but I must not have since I can ping any other one... I will have to try and figure out what is going on with this particular server. Thanks for confirming that everything was ok with my configs!

Check to see if this server has a firewall enabled that is preventing ping requests and other connection requests. Glad to hear everything is working fine.

Please rate helpful posts.
