Cisco Support Community

help with site to site vpn between 515 and 506 pix

deleted fixed

1 REPLY

Re: help with site to site vpn between 515 and 506 pix

Hi,

I don't see a nat0 ACL on the PIX running 8.x

Can you check the following:

PIX 8.x

access-list nonat permit ip 172.16.1.0 255.255.255.0 10.1.11.0 255.255.255.0

nat (inside) 0 access-list nonat

PIX 7.x

access-list nonat permit ip 10.1.11.0 255.255.255.0 172.16.1.0 255.255.255.0

nat (inside) 0 access-list nonat

The ACL applied to the crypto map should define the same traffic as the above ACL.

Also, add the command "management-access inside" and try to PING between inside addresses.

i.e.

From PIX 8.x

ping inside 10.1.11.1

Check the establishment of phase 1:

sh cry isa sa

Check the establishment of phase 2:

sh cry ips sa

Federico.
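
The consistency checks suggested in the reply above (a nat0 ACL on each PIX, matching the crypto map ACL, and mirrored between the peers) can be automated. The following is an added example, not part of the original reply; the configs are constructed, and the ACL name `vpn` and crypto map name `vpnmap` are assumptions.

```python
import ipaddress
import re

ACL_RE = re.compile(r"^access-list (\S+) permit ip (\S+) (\S+) (\S+) (\S+)$")
NAT0_RE = re.compile(r"^nat \(inside\) 0 access-list (\S+)$")
CRYPTO_RE = re.compile(r"^crypto map \S+ \d+ match address (\S+)$")

def parse(config):
    """Return (acls, nat0_acl_name, crypto_acl_name) from PIX-style config text."""
    acls, nat0, crypto = {}, None, None
    net = ipaddress.ip_network
    for line in map(str.strip, config.splitlines()):
        if m := ACL_RE.match(line):
            name, src, smask, dst, dmask = m.groups()
            pair = (net(f"{src}/{smask}"), net(f"{dst}/{dmask}"))
            acls.setdefault(name, set()).add(pair)
        elif m := NAT0_RE.match(line):
            nat0 = m.group(1)
        elif m := CRYPTO_RE.match(line):
            crypto = m.group(1)
    return acls, nat0, crypto

def check_pair(local_cfg, peer_cfg):
    """List mismatches that keep traffic from matching the tunnel on either side."""
    problems, sides = [], {}
    for label, cfg in (("local", local_cfg), ("peer", peer_cfg)):
        acls, nat0, crypto = parse(cfg)
        sides[label] = acls.get(crypto, set())
        if nat0 not in acls:
            problems.append(f"{label}: no nat0 ACL applied")
        elif acls[nat0] != sides[label]:
            problems.append(f"{label}: nat0 ACL and crypto ACL differ")
    if sides["local"] != {(dst, src) for src, dst in sides["peer"]}:
        problems.append("crypto ACLs are not mirror images")
    return problems

# Constructed sample configs; "vpn" and "vpnmap" are assumed names.
PIX8_BROKEN = """
access-list vpn permit ip 172.16.1.0 255.255.255.0 10.1.11.0 255.255.255.0
crypto map vpnmap 10 match address vpn
"""
PIX8_FIXED = PIX8_BROKEN + """
access-list nonat permit ip 172.16.1.0 255.255.255.0 10.1.11.0 255.255.255.0
nat (inside) 0 access-list nonat
"""
PIX7 = """
access-list vpn permit ip 10.1.11.0 255.255.255.0 172.16.1.0 255.255.255.0
access-list nonat permit ip 10.1.11.0 255.255.255.0 172.16.1.0 255.255.255.0
nat (inside) 0 access-list nonat
crypto map vpnmap 10 match address vpn
"""
```

`check_pair(PIX8_BROKEN, PIX7)` reports the missing nat0 ACL on the local side, and `check_pair(PIX8_FIXED, PIX7)` returns an empty list.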
