From: Larry Roberts (groupstudy@american-hero.com)
Date: Tue Jun 21 2005 - 22:20:18 GMT-3

On the PIX, what does your nat 0 look like? I.e., does it have an
access-list permitting traffic from 10.2.0.0/16 to 10.1.0.0/16?

access-list NONAT permit ip 10.2.0.0 255.255.0.0 10.1.0.0 255.255.0.0
nat (inside) 0 access-list NONAT

Having deleted the previous thread, a post of your config's relevant
portions would be helpful.

chon_mon@nym.hush.com wrote:
> Ok - so now the VPN is up, both sites see each other and the
> packets come across - but I think the PIX is dropping them. I do a
> debug crypto ipsec and debug crypto isakmp, and see the packets
> encrypting and decrypting, but when I try pinging site to site -
> I get nothing. NOTHING!!!!! <---- wishful exclamation
> thinking..... <---reality.
>
> I am allowing everything in the pix, and also my crypto acl is
> correct. Both IKE's match on either site, and everything is
> established, except successful pinging of the private networks
> behind each firewall appliance.
>
> 10.2.0.0/16 PIX<------->WAN<--------->SONIC 10.1.0.0/16
>
> Like I said, everything shows up correctly - even rebooted both
> firewall appliances. Any suggestions at this point would be
> greatly appreciated. BTW - there is nothing except the PIX and my
> laptop at the 10.2.0.0/16 site. TIA. -Sean