Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Allow GRE tunnel thru PIX 515E

Reply
Thread Tools

Allow GRE tunnel thru PIX 515E

 
 
patil.pritam@gmail.com
Guest
Posts: n/a
 
      02-12-2007
Network Architecture

PCHost------Router2851-----PIX---------------Internet-----------------
Router-------PCHost


Both end routers configured for GRE VPN tunnel, if i put PIX between
Internet link & Router2851. internet is working fine on PCHOST, but
VPN tunnel goes down, how can i allow GRE VPN traffic thru PIX.

VPN tunnel working properly without PIX.

I tried

access-list 1 permit gre any any

this did not work

Can someone help me in this regards ?

Thanks,
Pritam

 
Reply With Quote
 
 
 
 
=?UTF-8?B?TWljaGHFgiBJd2Fzemtv?=
Guest
Posts: n/a
 
      02-12-2007
On 2007-02-12 17:28, http://www.velocityreviews.com/forums/(E-Mail Removed) wrote:
> I tried
> access-list 1 permit gre any any


Permiting GRE on my access lists works fine for me. Are You sure, You
are modyfing the access lists that's connected to the correct inferace?


--
Michał Iwaszko
 
Reply With Quote
 
 
 
 
Walter Roberson
Guest
Posts: n/a
 
      02-12-2007
In article <(E-Mail Removed) .com>,
<(E-Mail Removed)> wrote:
>Both end routers configured for GRE VPN tunnel, if i put PIX between
>Internet link & Router2851. internet is working fine on PCHOST, but
>VPN tunnel goes down, how can i allow GRE VPN traffic thru PIX.


Are you using static NAT for the PCHOST ? If not, are you at least
using a global pool (i.e., a 'global' statement with an IP range)
for it? You can't use GRE through PAT (port address translation,
a 'global' statement with a single IP.)
 
Reply With Quote
 
patil.pritam@gmail.com
Guest
Posts: n/a
 
      02-14-2007
On Feb 12, 9:40┬*pm, Micha┼é Iwaszko <(E-Mail Removed)> wrote:
> On 2007-02-12 17:28, (E-Mail Removed) wrote:
>
> > I tried
> > access-list 1 permitgreany any

>
> PermitingGREon my access lists works fine for me. Are You sure, You
> are modyfing the access lists that's connected to the correct inferace?
>
> --
> Michał Iwaszko


I m very mutch sure i ve applied that access list to correct
interface
nameif ethernet0 outside security0
nameif ethernet1 inside security100
access-group out in interface outside
access-group in in interface inside
access-list out permit gre any any
access-list in permit gre any any
access-list in permit ip any any

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
GRE tunnel with a pix 501 and a 2620 that doesnt have a wan module :) atlantian2004 Cisco 2 10-21-2006 02:35 PM
GRE Tunnel up/up Cannot ping tunnel interface tsvanduyn@yahoo.com Cisco 6 03-09-2006 01:33 AM
Gre through PIX 515E Ivana Kvaka Cisco 1 09-24-2005 08:35 AM
Split Tunnel Blocks http through tunnel but passes http around tunnel a.nonny mouse Cisco 2 09-19-2004 12:10 AM
Termination of an IPSec VPN tunnel and a GRE Tunnel on one physical interface. John Ireland Cisco 1 11-11-2003 04:47 PM



Advertisments