New Member

Tunneling Seems to Work Only One Way...

This is one problem where I really don't know where the problem lies, so I'm not sure if this forum is the right one to address it in. In any case...

We've just recently put together a WAN that connects two offices together across the internet via an IPSEC VPN tunnel between two PIX 515Es. The new office is separated into numerous VLANs on a Cat 6509 which shares a VLAN with the PIX. On the other side of the VPN, the separate departments of the old office each have a separate interface on the PIX. We have terminal servers that reside on both sides that need to be accessed by members of the opposite office. Currently the new office can access the old office resources just fine. We've done zone transfers of DNS for active directory, and even logged on with old office accounts at the new office. The problem is on the other side. The old office cannot access anything in the new office. I've checked access-lists and routes -- all of it seems in order.

I'm fresh out of ideas at this point; I'm just looking for some pointers on where to look next -- please help!

New Member

Re: Tunneling Seems to Work Only One Way...

If your PIX at the old office is NATting the traffic to the new office, it would produce a similar scenario, so if your routes and ACLs are OK it might be worth checking your nat 0 statement.



New Member

Re: Tunneling Seems to Work Only One Way...

I found the problem -- I accidentally left out "sysopt connection permit-ipsec" on one of the PIXes.
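The two checks raised in this thread (the `nat 0` exemption and the `sysopt connection permit-ipsec` line) can be run against a saved configuration; the following is an added example, not code from any poster. It assumes PIX 6.x-style syntax, uses constructed sample configs with made-up addresses and ACL names, and only parses `permit ip <net> <mask> <net> <mask>` ACL entries.

```python
import ipaddress
import re

# Constructed PIX 6.x-style fragments; addresses and ACL/map names are made up.
PIX_A = """\
access-list tunnel permit ip 10.20.0.0 255.255.0.0 10.10.0.0 255.255.0.0
access-list nonat permit ip 10.20.0.0 255.255.0.0 10.10.0.0 255.255.0.0
nat (inside) 0 access-list nonat
crypto map officemap 10 match address tunnel
"""
PIX_B = """\
access-list tunnel permit ip 10.10.1.0 255.255.255.0 10.20.0.0 255.255.0.0
access-list tunnel permit ip 10.10.2.0 255.255.255.0 10.20.0.0 255.255.0.0
access-list nonat permit ip 10.10.1.0 255.255.255.0 10.20.0.0 255.255.0.0
nat (inside) 0 access-list nonat
sysopt connection permit-ipsec
crypto map officemap 10 match address tunnel
"""

def rules(config, acl):
    """(src, dst) networks of each 'permit ip <net> <mask> <net> <mask>' entry."""
    pat = re.compile(r"^access-list %s permit ip (\S+) (\S+) (\S+) (\S+)\s*$"
                     % re.escape(acl), re.M)
    return [(ipaddress.ip_network(f"{s}/{sm}", strict=False),
             ipaddress.ip_network(f"{d}/{dm}", strict=False))
            for s, sm, d, dm in pat.findall(config)]

def audit(config):
    """Return findings for the two causes of one-way tunnels named in the thread."""
    findings = []
    # Without this line, decrypted tunnel traffic must still pass the interface
    # ACL, so sessions initiated by the remote side are dropped unless permitted.
    if not re.search(r"^sysopt connection permit-ipsec\s*$", config, re.M):
        findings.append("missing sysopt connection permit-ipsec")
    exempt = [r for name in re.findall(r"^nat \(\S+\) 0 access-list (\S+)", config, re.M)
              for r in rules(config, name)]
    # Every flow the crypto map protects should also be exempt from NAT.
    for name in re.findall(r"^crypto map \S+ \d+ match address (\S+)", config, re.M):
        for src, dst in rules(config, name):
            if not any(src.subnet_of(e_src) and dst.subnet_of(e_dst)
                       for e_src, e_dst in exempt):
                findings.append(f"not in nat 0: {src} -> {dst}")
    return findings

if __name__ == "__main__":
    for label, cfg in (("PIX_A", PIX_A), ("PIX_B", PIX_B)):
        print(label, audit(cfg) or "ok")
```

Run it against the configuration of both peers, since a one-way symptom can come from either end.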
