We have configured an IPsec tunnel between a PIX and a Check Point peer on the other end (188.8.131.52). The tunnel comes up fine (phase 1 and 2). But when the other end tries to FTP to our server 184.108.40.206 (or any traffic, for that matter), I see packets coming through the tunnel and hitting our server (tcpdump); however, none of the traffic goes back from the server into the tunnel to the other end. To confirm the issue, I cleared the SA and generated traffic from the FTP server to the client's end. My PIX doesn't even try to negotiate ISAKMP; crypto isakmp/ipsec is blank. Do you see anything wrong with my configuration?
You can't nat exempt an address which is already nat'd. You don't need to nat exempt 220.127.116.11. Also, if you do nat exempt it, your crypto access list should not contain the 209 address, as it won't be 209 when it goes over the tunnel.
The issue is resolved now. Actually, the issue was that my Linux server had dual NICs: one was connected to the PIX and the other was connected to a different network altogether. So traffic was entering through the IPsec tunnel and reaching our FTP server, but return traffic was going out through the second NIC (different network), so two-way communication was not happening even though the tunnel was up. I added a route manually with the route add command on the Linux FTP server and forced traffic going to the other end to take the route via the PIX.
One thing is for sure: I can't thank you all enough for your inputs, without which I would not have resolved this issue.
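The return-path check behind this fix, as an added example that is not part of the original thread: it applies longest-prefix matching to a server's routing table to see which NIC replies to the remote VPN host will leave through. The interface names (`eth0` toward the firewall, `eth1` toward the other network), all addresses (documentation ranges) and the routing tables are constructed assumptions.

```python
import ipaddress

# Constructed `ip route show` output for a dual-homed server (documentation
# address ranges; eth0 faces the firewall, eth1 faces the unrelated network).
ROUTES_BEFORE = """\
default via 198.51.100.1 dev eth1
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10
198.51.100.0/24 dev eth1 proto kernel scope link src 198.51.100.10
"""
# Same table after a static route for the remote VPN network is added.
ROUTES_AFTER = ROUTES_BEFORE + "203.0.113.0/24 via 192.0.2.1 dev eth0\n"


def parse_routes(text):
    """Return (network, device, gateway) tuples from `ip route show` text."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if "dev" not in fields:
            continue  # skips blank lines and blackhole/unreachable entries
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        net = ipaddress.ip_network(prefix, strict=False)
        dev = fields[fields.index("dev") + 1]
        via = fields[fields.index("via") + 1] if "via" in fields else None
        routes.append((net, dev, via))
    return routes


def egress(routes, dst):
    """Longest-prefix match for dst (metrics and policy rules are ignored)."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None


def return_path_ok(route_text, remote_host, tunnel_dev):
    """True if replies to remote_host leave through the tunnel-facing NIC."""
    best = egress(parse_routes(route_text), remote_host)
    return best is not None and best[1] == tunnel_dev


if __name__ == "__main__":
    for label, table in (("before", ROUTES_BEFORE), ("after", ROUTES_AFTER)):
        net, dev, via = egress(parse_routes(table), "203.0.113.25")
        ok = return_path_ok(table, "203.0.113.25", "eth0")
        print(f"{label}: {net} dev {dev} via {via} -> return path ok: {ok}")
```

On a live host, `ip route get <remote address>` gives the kernel's own answer, including metrics and policy routing that this sketch ignores.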