Cisco Support Community
New Member

PIX will decrypt but not encrypt

I have an IPSEC/IKE tunnel successfully up between an IOS router (2600 series) and a PIX 520 firewall. The ISAKMP SAs show up fine, and the IPSEC SAs show correctly, with the correct peer, etc. A ping initiated from the IOS side gets to the PIX, and the PIX decrypts the traffic and puts it on the wire via the inside interface, just like it's supposed to. However, when the host on the PIX side responds to the ping, the PIX appears to be dropping the traffic destined for the IOS side, rather than encrypting it and putting it through the tunnel.

What am I missing here? What access-lists do I need to have in place so that the PIX sees the traffic headed out to the IOS side as interesting and encrypts it? PIX is version 6.0(1).

New Member

Re: PIX will decrypt but not encrypt

Ensure you have a valid access list for your tunnel traffic set up.
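
An added configuration sketch, not part of either post above, showing what a tunnel access list for the outbound direction looks like on PIX 6.x and how to check that replies match it. All addresses, ACL names and the crypto map name `vpnmap` are constructed placeholders, and the NAT exemption assumes NAT is enabled on the inside interface.

```cisco
! Constructed example; every address and name below is a placeholder.
! Assumed: PIX inside LAN 10.1.1.0/24, IOS-side LAN 10.2.2.0/24,
! existing crypto map "vpnmap" sequence 10 already bound to the outside interface.

! --- PIX ---
! Crypto ACL: source is the local (PIX-side) network, destination is the
! remote network. Outbound packets that match it are the ones the PIX encrypts.
access-list vpn-traffic permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
crypto map vpnmap 10 match address vpn-traffic

! Assumption: NAT is configured on the inside interface. Exempt the tunnel
! traffic from translation so the reply keeps its real source address and
! still matches the crypto ACL.
access-list nonat permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
nat (inside) 0 access-list nonat

! --- IOS router ---
! The router's crypto ACL is the mirror image (note the wildcard masks).
access-list 110 permit ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255

! --- Verification on the PIX, after the inside host sends a reply ---
! The hit count on vpn-traffic should increase.
show access-list
! The encaps counter should increase alongside the decaps counter.
show crypto ipsec sa
```

If the decaps counter rises while encaps stays at zero, the return traffic is not matching the crypto ACL as it leaves the PIX.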
