
Tunneling Seems to Work Only One Way...

andyhsu
Level 1

This is one problem where I really don't know where the problem lies, so I'm not sure if this forum is the right one to address it in. In any case...

We've just recently put together a WAN that connects two offices together across the internet via an IPSEC VPN tunnel between two PIX 515Es. The new office is separated into numerous VLANs on a Cat 6509 which shares a VLAN with the PIX. On the other side of the VPN, the separate departments of the old office each have a separate interface on the PIX. We have terminal servers that reside on both sides that need to be accessed by members of the opposite office. Currently the new office can access the old office resources just fine. We've done zone transfers of DNS for Active Directory, and even logged on with old office accounts at the new office. The problem is on the other side. The old office cannot access anything in the new office. I've checked access-lists and routes -- all of it seems in order.

I'm fresh out of ideas at this point; I'm just looking for some pointers on where to look next -- please help!

2 Replies

kagodfrey
Level 3

If your PIX at the old office is NATing the traffic to the new office, it would produce a similar scenario, so if your routes and ACLs are OK it might be worth checking your nat 0 statement.

Rgds

Kev

I found the problem -- I accidentally left out "sysopt connection permit-ipsec" on one of the PIXes.
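
The two settings raised in this thread (the `nat 0` exemption and `sysopt connection permit-ipsec`) can be checked on both peers with a small audit script. This is an added example, not part of the original posts: the configs, ACL names and subnets are constructed, and the parser assumes PIX 6.x-style lines with ACL entries in the `permit ip <net> <mask> <net> <mask>` form only.

```python
import re

# Constructed sample configs (not taken from the thread).
PIX_A = """\
access-list nonat permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
access-list vpn permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
nat (inside) 0 access-list nonat
sysopt connection permit-ipsec
crypto map wan 10 match address vpn
"""
PIX_B = """\
access-list nonat permit ip 10.2.0.0 255.255.0.0 10.1.0.0 255.255.0.0
access-list vpn permit ip 10.2.0.0 255.255.0.0 10.1.0.0 255.255.0.0
nat (inside) 0 access-list nonat
crypto map wan 10 match address vpn
"""

def acl_entries(cfg, name):
    """Return the (src, smask, dst, dmask) tuples permitted by ACL `name`."""
    pat = re.compile(
        rf"^access-list {re.escape(name)} permit ip (\S+) (\S+) (\S+) (\S+)\s*$",
        re.M)
    return set(pat.findall(cfg))

def audit(cfg):
    """List the settings that would break tunnel traffic on this peer."""
    findings = []
    if not re.search(r"^sysopt connection permit-ipsec\s*$", cfg, re.M):
        findings.append("missing 'sysopt connection permit-ipsec'")
    # Traffic selected for the tunnel by any crypto map entry.
    crypto = set()
    for name in re.findall(r"^crypto map \S+ \d+ match address (\S+)\s*$", cfg, re.M):
        crypto |= acl_entries(cfg, name)
    # Traffic exempted from NAT by any nat 0 access-list.
    exempt = set()
    for name in re.findall(r"^nat \(\S+\) 0 access-list (\S+)\s*$", cfg, re.M):
        exempt |= acl_entries(cfg, name)
    for src, smask, dst, dmask in sorted(crypto - exempt):
        findings.append(
            f"tunnel traffic {src} {smask} -> {dst} {dmask} not exempted by nat 0")
    return findings

if __name__ == "__main__":
    for label, cfg in (("PIX_A", PIX_A), ("PIX_B", PIX_B)):
        print(label, audit(cfg) or "ok")
```

`sysopt connection permit-ipsec` lets decrypted tunnel traffic bypass the interface access-list check, so a peer without it needs explicit inbound permits for connections initiated from the far side.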