04-16-2006 09:40 PM - edited 02-21-2020 02:22 PM
scenario
net A--3routers--PIX A---vpn---PIX B--net B
The 3 routers are configured statically.
VPNs are terminated at both PIXes.
Is it possible to reach network A from network B through VPN?
What additional config do I need on the PIX A?
Thanks a lot.
04-16-2006 10:07 PM
Assuming netA is located behind an inside interface .. it is possible, but you need to make sure routing between netA is reachable from the respective interface .. also you need to identify what source IP address comes as when you try pinging the PIX from netA .. the routers in between might be performing NAT, in which case your access list for the interesting traffic (IPsec) needs to be checked accordingly
04-17-2006 01:34 PM
I could reach net A from the PIX. The 3 routers don't do natting. They have been configured statically to reach each other.
I have the following access list and crypto on the PIX A.
I am not including the IKE config as I am sure they are working.
NOTE that VPN is working fine bidirectionally between the two inside networks of the PIXes.
access-list 100 permit ip net A net B
access-list 110 permit ip net A net B
nat (inside) 0 access-list 100
crypto map mymap 10 ipsec-isakmp
crypto map mymap 10 match address 110
crypto map mymap 10 set peer remoteIP
crypto map mymap 10 set transform-set myset
04-17-2006 04:59 PM
Hello,
That configuration looks appropriate, but it might help if you posted a scrubbed configuration. There might be something else that you're missing.
Patrick
04-17-2006 09:59 PM
04-17-2006 10:32 PM
Assuming the same interesting traffic is also configured on PIX B .. then it seems OK. However, when you initiate a ping from NetA towards network B, are you able to see any packets actually hitting the firewall PIXA ... could it be a routing issue you are experiencing here !!
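Added example, not part of any post in this thread: a small Python check that the crypto ACL on one PIX has an exact mirror entry on its peer and is also covered by the local NAT exemption (nat 0) ACL, which are the two conditions discussed above. The sample configs and all addresses are constructed, and the parser assumes only the "permit ip <net> <mask> <net> <mask>" form of ACL line.

```python
import ipaddress
import re

# Constructed sample configs; all addresses are made up for this example.
PIX_A = """\
access-list 100 permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
access-list 110 permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
nat (inside) 0 access-list 100
crypto map mymap 10 match address 110
"""
PIX_B_OK = """\
access-list 100 permit ip 10.2.0.0 255.255.0.0 10.1.0.0 255.255.0.0
access-list 110 permit ip 10.2.0.0 255.255.0.0 10.1.0.0 255.255.0.0
nat (inside) 0 access-list 100
crypto map mymap 10 match address 110
"""
# Peer whose ACLs cover only part of net A (10.1.1.0/24 instead of 10.1.0.0/16).
PIX_B_BAD = PIX_B_OK.replace("10.1.0.0 255.255.0.0", "10.1.1.0 255.255.255.0")

ACL_RE = re.compile(r"^access-list (\S+) permit ip (\S+) (\S+) (\S+) (\S+)$")
CRYPTO_RE = re.compile(r"^crypto map \S+ \d+ match address (\S+)$")
NAT0_RE = re.compile(r"^nat \(\S+\) 0 access-list (\S+)$")

def parse(config):
    """Return (acls, crypto_acl_name, nat0_acl_name) from PIX-style config text."""
    acls, crypto, nat0 = {}, None, None
    for line in (l.strip() for l in config.splitlines()):
        if (m := ACL_RE.match(line)):
            name, src, smask, dst, dmask = m.groups()
            pair = (ipaddress.ip_network(f"{src}/{smask}"),
                    ipaddress.ip_network(f"{dst}/{dmask}"))
            acls.setdefault(name, set()).add(pair)
        elif (m := CRYPTO_RE.match(line)):
            crypto = m.group(1)
        elif (m := NAT0_RE.match(line)):
            nat0 = m.group(1)
    return acls, crypto, nat0

def check_pair(local_cfg, peer_cfg):
    """List mismatches for traffic selected by the local crypto ACL."""
    l_acls, l_crypto, l_nat0 = parse(local_cfg)
    p_acls, p_crypto, _ = parse(peer_cfg)
    peer_entries = p_acls.get(p_crypto, set())
    nat0_entries = l_acls.get(l_nat0, set())
    problems = []
    for src, dst in sorted(l_acls.get(l_crypto, set()), key=str):
        if (dst, src) not in peer_entries:   # exact mirror only, no subnet logic
            problems.append(f"no mirror on peer for {src} -> {dst}")
        if (src, dst) not in nat0_entries:
            problems.append(f"{src} -> {dst} not exempt from NAT")
    return problems
```
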
04-18-2006 03:47 AM
Yes, I could see the ACL being hit.. note that VPN between net_B and network_X is working fine.. I could even ping rtr_B from net_B
04-21-2006 01:35 AM
I rebooted the firewall and it works... thanks a lot