New Member

PIX Tunnel traffic only in one direction

Hello Everyone, I have set up a tunnel between my PIX 515 and a Checkpoint Firewall at one of our vendors. The tunnel comes up fine, and the vendor can ping machines on my side, but I cannot ping machines on their side. When I do a "show crypto ipsec sa" I show packets decrypted and decapped, but none encrypted or encapped. I have run out of ideas. Any help would be greatly appreciated.

4 REPLIES
Bronze

Re: PIX Tunnel traffic only in one direction

Hi,

Can you post your PIX config? Sounds like an ACL or no-nat issue.

New Member

Re: PIX Tunnel traffic only in one direction

Hello,

Did you find a solution to your problem? I have a similar issue but with a NetScreen.

Thanks

Alain,

New Member

Re: PIX Tunnel traffic only in one direction

I had this problem, maybe this hint will help.

Besides having the access list for the tunnel, you must also configure an ACL to let the traffic flow on the other side. You put an ACL like ...

access-list OUTBOUND permit ip 10.30.0.0 255.255.0.0 10.30.35.0 255.255.255.0

access-group OUTBOUND in interface inside

New Member

Re: PIX Tunnel traffic only in one direction

A random thought but does the other end have a return route to you?
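The symptom from the original post (decaps counters rising while encaps stay at zero in "show crypto ipsec sa") can be checked per SA with a small parser. This is an added example, not part of any post in the thread; the sample output is constructed, and the peer addresses and the second SA are assumptions.

```python
import re

# Constructed sample in the style of PIX "show crypto ipsec sa" output.
# The first SA reuses the networks from the ACL posted in the thread.
SAMPLE = """\
   local  ident (addr/mask/prot/port): (10.30.0.0/255.255.0.0/0/0)
   remote ident (addr/mask/prot/port): (10.30.35.0/255.255.255.0/0/0)
   current_peer: 198.51.100.7
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0
    #pkts decaps: 42, #pkts decrypt: 42, #pkts verify 42

   local  ident (addr/mask/prot/port): (10.30.0.0/255.255.0.0/0/0)
   remote ident (addr/mask/prot/port): (10.40.1.0/255.255.255.0/0/0)
   current_peer: 198.51.100.9
    #pkts encaps: 17, #pkts encrypt: 17, #pkts digest 17
    #pkts decaps: 15, #pkts decrypt: 15, #pkts verify 15
"""

IDENT = re.compile(r"^\s*(local|remote)\s+ident .*?:\s*\(([\d.]+)/([\d.]+)/")
COUNT = re.compile(r"#pkts (encaps|decaps):\s*(\d+)")

def parse_sas(text):
    """Return one dict per SA block with its proxy identities and counters."""
    sas = []
    for line in text.splitlines():
        m = IDENT.match(line)
        if m:
            if m.group(1) == "local":      # a "local ident" line opens a new block
                sas.append({"encaps": 0, "decaps": 0})
            if sas:
                sas[-1][m.group(1)] = f"{m.group(2)} {m.group(3)}"
            continue
        for name, value in COUNT.findall(line):
            if sas:
                sas[-1][name] = int(value)
    return sas

def classify(sa):
    """Label traffic direction from the encaps (sent) and decaps (received) counters."""
    enc, dec = sa["encaps"] > 0, sa["decaps"] > 0
    return {(False, True): "inbound-only", (True, False): "outbound-only",
            (False, False): "idle", (True, True): "bidirectional"}[(enc, dec)]

def report(text):
    return [(sa.get("local"), sa.get("remote"), classify(sa)) for sa in parse_sas(text)]

if __name__ == "__main__":
    for local, remote, state in report(SAMPLE):
        print(f"{local} -> {remote}: {state}")
```

An SA reported as "inbound-only" is the state described in the original post, for which the replies suggest checking the ACL and no-nat configuration and the far end's return route.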
