I'm trying to set up a site-to-site VPN between a Pix 501 and ASA 5540. After running into some strange problems with passing traffic, I cut my configs down to the very basics--more or less turning it into a lab environment. I have the ASA as the main site with one internal network--172.16.0.0 /16 and the Pix as the remote with one internal network--172.21.1.0 /24. As far as I can see everything is set up correctly, however I can't seem to get traffic to flow. Pinging from a host on the 172.21.1.0 network brings up the tunnel, however nothing seems to be encrypted from the ASA to the Pix. Please see the attached configs and you'll see that the setup is pretty simple. However, from the "show crypto ipsec sa" on the ASA side, you'll see nothing ever encrypted, while packets are decrypted. On the Pix side the opposite is true. It appears that something is blocking packets from entering the tunnel on the ASA side, but I can't see what would be doing that. Any help is appreciated.