Setup - PIX 515E w/6.3.5 - One internal network and two "external" networks
I've got one Cisco Router to our MCI networks on one outside interface and a Cable modem on the other outside interface. I want to route all site to site VPN traffic over the MCI connections and route all other traffic over the cable modem.
I've setup static routes to the remote VPN subnets external IP address which point to the Cisco router's IP address. I setup default to be the cable modem's IP address.
I have setup a PAT rule to go out over the Cable modem interface and a No-Nat rule for the VPN subnets.
Both outside interfaces have the security set to 0.
I figured this would work, but all traffic seems to be going out the cable modem or dropping. It is very hard to tell what is going on as traceroute doesn't work with site to site VPN. Can someone point me in the right direction with troubleshooting or if this is even possible? Thanks!
Could you please give me the output of the following commands:
1) show route
2) show nameif
3) make sure icmp (echo, reply) is allowed through, then give me the output of the "show icmp trace" command while sending pings to a private ip address on the other side of the tunnel from a host that sits behind your "inside" interface.
I've added a route to 10.10.0.0 255.255.0.0 that points to my x.x.x.gw. Now that crypto ACL is being triggered and the ISAKMP engine is trying to establish that connection. However, the ISAKMP engine is STILL trying to use my cable modem to establish the SA. Very interesting and annoying!
I had a similar problem. My gateway router has one multilik bundle and a frame coming into it. The two WAN connections are from different providers. Initial plan was to route all internet bound traffic through the multilink and all site to site VPN through the frame.
I added routes on the router for all the peer IP's of the firewalls to go through the frame and default pointed to Multilink. I got the same results as you did.
I had to change the Outside if IP address to one that was provided by the multilink provider.
Hi ! I have a 2 internet provider and a PIX 515 (7.04). I want to know if I can connect the 2 provider on my PIX ? Can I configure 2 defaults network ? My goal is to have 2 internet link for the outgoing traffic.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :