PIX Tunnel traffic only in one direction

admin_2
Level 3

Hello everyone, I have set up a tunnel between my PIX 515 and a Check Point firewall at one of our vendors. The tunnel comes up fine, and the vendor can ping machines on my side, but I cannot ping machines on their side. When I do a "show crypto ipsec sa" I show packets decrypted and decapped, but none encrypted or encapped. I have run out of ideas. Any help would be greatly appreciated.

4 Replies

mike-greene
Level 4

Hi,

Can you post your PIX config? Sounds like an ACL or no-nat issue.

aklausner
Level 1

Hello,

Did you find a solution to your problem? I have a similar issue but with a NetScreen.

Thanks

Alain,

I had this problem, maybe this hint will help.

Besides having the access list for the tunnel, you must also configure an ACL to let the traffic flow on the other side. You put an ACL like ...

access-list OUTBOUND permit ip 10.30.0.0 255.255.0.0 10.30.35.0 255.255.255.0

access-group OUTBOUND in interface inside

marcreiter
Level 1

A random thought but does the other end have a return route to you?
