03-16-2004 06:08 AM - edited 02-20-2020 11:17 PM
Hello Everyone, I have set up a tunnel between my PIX 515 and a Checkpoint Firewall at one of our vendors. The tunnel comes up fine, and the vendor can ping machines on my side, but I cannot ping machines on their side. When I do a "show crypto ipsec sa" I show packets decrypted and decapped, but none encrypted or encapped. I have run out of Ideas. Any help would greatly be appreciated.
03-16-2004 01:57 PM
Hi,
Can you post your PIX config. Sounds like an ACL or no-nat issue.
04-23-2004 11:49 AM
Hello,
Did you find a solution to your problem ? I have a similar issue but with a netscreen.
Thanks
Alain,
04-26-2004 01:15 PM
I had this problem, maybe this hint will help.
Beside of having the access list for the tunnel, you also must configure an ACL to let the traffic flow on the other side. You put an ACL like ...
access-list OUTBOUND permit ip 10.30.0.0 255.255.0.0 10.30.35.0 255.255.255.0
access-group OUTBOUND in interface inside
04-30-2004 11:56 AM
A random thought but does the other end have a return route to you?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide