Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Site to Site problems

I have two pix firewalls a 515E and a 506E there is another router that I have no access to. I have tried using the VPN wizard to connect the two site and they will not connect. I have had a connection to the other router and connection to a vigor router.

Here is the config from both routers

8 REPLIES
Green

Re: Site to Site problems

You don't have nat exemption on sevenoaks pix.

nat (inside) 0 access-list no-nat

access-list no-nat permit ip 192.168.20.0 255.255.255.0 172.17.121.0 255.255.255.0

Cisco Employee

Re: Site to Site problems

Hi,

However needless to say, but the commands go in the reverse order i.e. you configure teh access-list first and then the nat command.

HTH,

Please rate if it helps.

Regards,

Kamal

Green

Re: Site to Site problems

ya, thanks Kamal

Green

Re: Site to Site problems

Did this fix it?

New Member

Re: Site to Site problems

I have wiped the config and I am trying this on a different box here are the configurations.

I cannot add the line

nat (inside) 0 access-list no-nat

The tunnels do not even try to establish. Has anyone got a pix to pix work using the wizards.

Is there any documentation for 6.3(5) for site to site pix.

Green

Re: Site to Site problems

Just a quick look, it seems you are trying to add "no-nat" when your acl is "nonat".

Try it without the "-". Just looked more closely, you already have inside_nat0_outbound, you do not need to add another nat 0.

New Member

Re: Site to Site problems

This was created by the wizard.

I have tried many thing before accessing the site. has anyone got the configuration files that work on two pix's so I can replace them with my ip adress. It would be a hell of a lot easier to do this than just addeding a line at a time.

sorry for being a bit blunt.

Green

Re: Site to Site problems

The configs look fine, you will need to do some logging.

137
Views
0
Helpful
8
Replies
CreatePlease to create content