Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Permitting GRE through a PIX

I am trying to get a PIX 520 running 6.2 to pass gre through the firewall to a router so I can establish a tunnel.The tunnel originates on a router which has a VPN connection to a checkpoint firewall, from there it goes to a pix 520 and a ROUTER ON THE OTHER SIDE. The debug on pix is complaining about no translations for gre between my specified endpoints.

New Member

Re: Permitting GRE through a PIX

If you're getting the no xlate message, it usually means that you have not created a static or NAT rule for the relevant traffic, so regardless of what your ACL's say, the Pix won't pass the traffic.

Depending on whatever else you have on your Pix, and assuming that you want the GRE endpoint addresses left non-translated, you'll either be expanding the ACL on your NAT 0 rule, or you'll be creating a static entry such as:

Static (inside, outside) netmask

CreatePlease to create content