Cisco Support Community
Community Member

VPN Problem between Pixfirewall506E and Contivity (Nortel)

The tunnel is up but does not transfer routing, so we cannot ping between the 2 sites although we are using static routing. What can I do to solve this?

5 REPLIES
Cisco Employee

Re: VPN Problem between Pixfirewall506E and Contivity (Nortel)

Hi,

If your tunnel is up and routing is looking good, we need to check the IPSec SAs to see whether there are any encrypts and decrypts, and also make sure that you are bypassing NAT (NAT 0) on the pix for the IPSec traffic, if the pix is configured for NAT.

Regards,

Arul

Community Member

Re: VPN Problem between Pixfirewall506E and Contivity (Nortel)

Hi Arul

I have checked the information you advised me to check, using the command: sh crypt is sa, and I'm sure that NAT 0 on the pix is bypassing NAT for the IPSec traffic. When I ping the other site, there are outbound packets but no inbound packets. I don't know why. Can you give me some advice? Thanks

Regards

Community Member

Re: VPN Problem between Pixfirewall506E and Contivity (Nortel)

I am having the same problem with our 515e talking to a Nortel Contivity 4500. I have the tunnel up but cannot reach the host on the other side. My question is related to your suggestion of NAT 0 being used on the IPSec traffic. The client we are working with has overlapping internal IP addresses with us, so I cannot bypass NAT. I'm wondering if the NAT translation is somehow causing the problem... ? Any suggestions?

JH

Community Member

Re: VPN Problem between Pixfirewall506E and Contivity (Nortel)

The problem was resolved by matching the isakmp policy's lifetime between the pix and the nortel box.

JH

Bronze

Re: VPN Problem between Pixfirewall506E and Contivity (Nortel)

Hi there,

Can you do "sh cry ip sa" on the pix and see if it is encrypting/decrypting the traffic?

Jazib
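
The encrypt/decrypt check suggested in the replies above can be scripted. The following is an added example, not part of the original thread or any Cisco tooling: it reads saved `show crypto ipsec sa` text and classifies each peer by its encaps/decaps counters. The sample output is constructed in the style of PIX output, the peer addresses are documentation placeholders, and the function names and diagnosis wording are assumptions based on general IPsec troubleshooting practice.

```python
import re

# Constructed sample in the style of PIX "show crypto ipsec sa" output;
# peer addresses are documentation-range placeholders, not from the thread.
SAMPLE = """\
   current_peer: 192.0.2.10:500
    #pkts encaps: 42, #pkts encrypt: 42, #pkts digest 42
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0
   current_peer: 198.51.100.7:500
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0
   current_peer: 203.0.113.5:500
    #pkts encaps: 120, #pkts encrypt: 120, #pkts digest 120
    #pkts decaps: 118, #pkts decrypt: 118, #pkts verify 118
"""

PEER = re.compile(r"current_peer:\s*([\d.]+)")
COUNT = re.compile(r"#pkts (encaps|decaps):\s*(\d+)")

def parse_sa_counters(text):
    """Return {peer: {"encaps": n, "decaps": n}}, summing all SAs per peer."""
    peers, current = {}, None
    for line in text.splitlines():
        m = PEER.search(line)
        if m:
            current = peers.setdefault(m.group(1), {"encaps": 0, "decaps": 0})
            continue
        if current is not None:
            for name, value in COUNT.findall(line):
                current[name] += int(value)
    return peers

def diagnose(c):
    """Map a counter pattern to where to look next (general IPsec guidance)."""
    if c["encaps"] == 0 and c["decaps"] == 0:
        return "no-traffic: nothing matches the crypto ACL; check routing, NAT 0 and ACL"
    if c["decaps"] == 0:
        return "outbound-only: remote end is not returning traffic; check its routing and policy"
    if c["encaps"] == 0:
        return "inbound-only: local replies are not encrypted; check NAT 0 and crypto ACL here"
    return "two-way: tunnel is passing traffic"

def report(text):
    """Return {peer: diagnosis} for every peer found in the output."""
    return {peer: diagnose(c) for peer, c in parse_sa_counters(text).items()}

if __name__ == "__main__":
    for peer, verdict in report(SAMPLE).items():
        print(f"{peer:16} {verdict}")
```

The "outbound-only" case corresponds to the symptom reported earlier in the thread: packets leave the PIX encrypted but nothing is decrypted in return.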
