I have a PIX 515 and a PIX 506, both connected via broadband to the internet. I have set up a VPN configuration between the two but am having some trouble getting traffic from clients behind either one to the opposite side's clients, respectively.
The PIX 515 is also responsible for several other subnets connecting through it via ISDN lines across ISDN routers.
The PIXes can, from within their console interfaces, ping successfully to any client across the VPN (using "ping outside 10.128.1.x", an internal IP of the opposite subnet, and getting successful responses).
And currently these two networks are already connected via an ISDN line, so they can communicate already. This will change soon, hence why I'm trying to set up a VPN between the two PIXes across broadband DSL lines.
Below are the configurations:
PIX 515: (some unrelated lines removed)
PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxxxxxxxxx encrypted
passwd xxxxxxxxxx encrypted
fixup protocol ftp 21
fixup protocol skinny 2000
name x.x.x.98 GreenBuilding
name x.x.x.126 PalHall
access-list testonly permit ip any any
access-list vpn1 permit ip 10.128.1.0 255.255.255.0 10.128.15.0 255.255.255.0
access-list vpn1 permit ip host GreenBuilding 10.128.15.0 255.255.255.0
It seems that the VPN is established. When I run debug crypto isakmp, I don't get anything but reaper lines; before it was established I got a ton of debug info on why the VPN wasn't working. That's not happening anymore. I can ping the opposite networks from within the PIX console over the outside interface.
It just seems that the PIXes aren't allowing traffic back and forth from clients inside their networks across the established VPN.
I'm stumped how to fix this. I think my access-lists are OK; I even put that wide open access-list on the 515 to test with and still could not ping across.
Any help would be wonderful! Thank you for your time.