I'm trying to connect 2 LANs to each other; from a local PIX515e to a remote PIX501, both run IOS 6.2.
The local pix has a public IP on the outside interface, while the remote pix has a private ip, since it is connected to a Zyxel P314Plus Router.
I have attached the config files of both pixes.
The commands 'show isakmp sa' and 'show ipsec sa' show a established tunnel between the pixes, but I do not seem to have a connection between the private nets. No pings or ssh connections through the Tunnel seem to reach the remote end. (Connection to the outside interface of the remote is ok)
The hitcounts on the access-lists of the remote pix show 0(crypto) and 6(nat0) hits while the local shows appropriate numbers (>10000).
The configs look fine, I presume the other tunnels on the 515e are all working OK, so the problem is not at that end.
I would guess that the problem is the Zyxel is not passing the ESP packets through to the 501 properly. The tunnel is built OK cause this all happens on UDP/500, something the Zyxel is happy to forward on to the 501. The actual data packets though are ESP, which is not TCP or UDP based, so a lot of boxes have trouble NAT'ing or forwarding these, you might want to check and see if the Zyxel is capable of doing this.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :