vpn 3000 pix L2L Trouble

Discussion in 'Cisco' started by jspr, Feb 6, 2006.

  1. jspr

    jspr Guest

    Hi all,

    Got kind of a weird problem here. I got a concentrator 3020 to PIX LAN
    to LAN VPN going. I have configured quite a few of these in my day.
    Anyways, there are two networks connected point to point behind the
    concentrator. I have 20 other sites running this exact same
    configuration. Anyways, when the 3020 is on 10.1.1.X network and the
    other side of the PPP is 192.168.1.X, when I bring up the VPN on
    10.2.1.X it will only see the 192.168.1.X network and not 10.1.1.X
    network. The tunnel is up; the 3020 says it is up. I got all the sites
    using the same ike proposal aes-128-md5 and the same network list in
    the 3020 to access the two networks. I have the exact same acl built
    in this PIX:
    access-list vpn permit ip 10.2.1.0 255.255.255.0 10.1.1.0 255.255.255.0
    access-list vpn permit ip 10.2.1.0 255.255.255.0 192.168.1.0 255.255.255.0
    (bound to crypto map)
    access-list nonat permit ip 10.2.1.0 255.255.255.0 10.1.1.0 255.255.255.0
    access-list nonat permit ip 10.2.1.0 255.255.255.0 192.168.1.0 255.255.255.0
    (bound to nat 0 statement)
    nat (inside) 0 access-list nonat
    My config matches all the other configs I have done. I configured all my
    other 20 sites and this is exactly the same. The PIX will recv packets
    but not send them, and the 3020 will send but not recv. The 3020 will not
    even ping the inside of the PIX (management-access inside enabled) when
    it says the tunnel is up and I can ping from the 192.168.1.X
    network.... Like I mentioned before, I have a network list in the 3020:
    10.1.1.0/0.0.0.255 192.168.1.0/0.0.0.255. This same list supports my
    other sites but not this one. It is bound to this VPN and listed in the
    "the local network" portion of the VPN in the 3020; the "remote network"
    portion contains 10.2.1.0 0.0.0.255. The remote network is flat with
    one firewall on it. Same network list as all other working ones, same
    ike proposal. 3020 is running ./VPN 3000 Concentrator Version 4.1.5.Rel
    Jun 18 2004 00:22:46
    Anyways, I am ready to pull my hair out. I have done this a thousand times.
    Anyone know of a bug or something? Thanks all
     
    jspr, Feb 6, 2006