Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

getting the following errors between lan2lan VPN: %PIX-2-106001

Hi I am getting the following errors when trying to ssh between 2 servers over the VPN tunnel. I see it is going out of my acl_inside access-list but I do not see it reaching the VPN acess list. There is no natting between the 2 ips.

# no natting for 10.13.36.0 subnet to 10.2.0.0 subnet

access-list nonat extended permit ip 10.13.36.0 255.255.254.0 10.2.0.0 255.255.192.0

# acl_in access list

access-list acl_in line 4 extended permit tcp host 10.13.37.245 host 10.2.12.202 (hitcnt=28)

access-list acl_in line 31 extended permit ip 10.13.36.0 255.255.254.0 10.2.0.0 255.255.192.0 (hitcnt=462)

# VPN access list

access-list XO_access_in line 5 extended permit tcp host 10.2.12.202 eq ssh host 10.13.37.245 (hitcnt=0)

%PIX-2-106001: Inbound TCP connection denied from 10.13.37.245/58736 to 10.2.12.202/22 flags SYN on interface inside

# show version

Cisco PIX Security Appliance Software Version 7.0(4)

Device Manager Version 5.0(4)

Compiled on Thu 13-Oct-05 21:43 by builders

System image file is "flash:/pix704.bin"

2 REPLIES
Green

Re: getting the following errors between lan2lan VPN: %PIX-2-106

Any chance of getting more complete configs?

New Member

Re: getting the following errors between lan2lan VPN: %PIX-2-106

Here is the config minus the private information. I am just trying to ssh to 10.2.12.202 from 10.13.37.245 via the UK VPN tunnel. There should be no NATing, as well.

Thanks,

Kap

113
Views
0
Helpful
2
Replies