Allow GRE tunnel thru PIX 515E

Discussion in 'Cisco' started by patil.pritam@gmail.com, Feb 12, 2007.

  1. Guest

    Network Architecture

    PCHost------Router2851-----PIX---------------Internet-----------------
    Router-------PCHost


    Both end routers configured for GRE VPN tunnel, if i put PIX between
    Internet link & Router2851. internet is working fine on PCHOST, but
    VPN tunnel goes down, how can i allow GRE VPN traffic thru PIX.

    VPN tunnel working properly without PIX.

    I tried

    access-list 1 permit gre any any

    this did not work

    Can someone help me in this regards ?

    Thanks,
    Pritam
     
    , Feb 12, 2007
    #1
    1. Advertising

  2. On 2007-02-12 17:28, wrote:
    > I tried
    > access-list 1 permit gre any any


    Permiting GRE on my access lists works fine for me. Are You sure, You
    are modyfing the access lists that's connected to the correct inferace?


    --
    Michał Iwaszko
     
    =?UTF-8?B?TWljaGHFgiBJd2Fzemtv?=, Feb 12, 2007
    #2
    1. Advertising

  3. In article <>,
    <> wrote:
    >Both end routers configured for GRE VPN tunnel, if i put PIX between
    >Internet link & Router2851. internet is working fine on PCHOST, but
    >VPN tunnel goes down, how can i allow GRE VPN traffic thru PIX.


    Are you using static NAT for the PCHOST ? If not, are you at least
    using a global pool (i.e., a 'global' statement with an IP range)
    for it? You can't use GRE through PAT (port address translation,
    a 'global' statement with a single IP.)
     
    Walter Roberson, Feb 12, 2007
    #3
  4. Guest

    On Feb 12, 9:40 pm, Michał Iwaszko <> wrote:
    > On 2007-02-12 17:28, wrote:
    >
    > > I tried
    > > access-list 1 permitgreany any

    >
    > PermitingGREon my access lists works fine for me. Are You sure, You
    > are modyfing the access lists that's connected to the correct inferace?
    >
    > --
    > Michał Iwaszko


    I m very mutch sure i ve applied that access list to correct
    interface
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    access-group out in interface outside
    access-group in in interface inside
    access-list out permit gre any any
    access-list in permit gre any any
    access-list in permit ip any any
     
    , Feb 14, 2007
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. John Ireland
    Replies:
    1
    Views:
    1,096
    Claude LeFort
    Nov 11, 2003
  2. a.nonny mouse
    Replies:
    2
    Views:
    1,135
  3. Merv
    Replies:
    1
    Views:
    1,772
  4. Ivana Kvaka

    Gre through PIX 515E

    Ivana Kvaka, Sep 20, 2005, in forum: Cisco
    Replies:
    1
    Views:
    1,951
    Erik Tamminga
    Sep 24, 2005
  5. Replies:
    6
    Views:
    29,640
Loading...

Share This Page