Cisco Support Community
Community Member

Pix 520 to 501 VPN

Hello again.

I'm having some issues with my setup.

My goal here is to have (corporate) and the remote site of talk to each other. My config is perfect. Outside interfaces can at least pass traffic to each other. My PIX 501 on the remote side can increment its access-lists fine, even though the tunnel cannot complete.

Now at corporate, traffic from any host on still cannot increment the access_list. I'm wondering if I need some sort of access-list on the inside interface to allow traffic through. I know the traffic is at least getting to the PIX (I checked my syslog), but it's getting denied.

Here is the line in syslog that got me thinking about the inside interface.

2004-02-23 12:36:30 Local4.Error Feb 23 2004 10:16:55: %PIX-3-106011: Deny inbound (No xlate) icmp src inside: dst inside: (type 8, code 0)

2004-02-23 12:36:35 Local4.Error

Any ideas?

Community Member

Re: Pix 520 to 501 VPN

I had a route statement on the PIX that didn't belong. Now that that's gone, everything seems to be incrementing. One question though. I thought my access-lists were allowing everything to flow back and forth to each other. I can't seem to ping the other segment though. IPSEC tunnel is up and running.
