VPN 3000 PIX L2L Trouble

  1. jspr

    jspr Guest

    Hi all,

    Got kind of a weird problem here. I got a Concentrator 3020 to PIX
    LAN-to-LAN VPN going. I have configured quite a few of these in my day.
    Anyway, there are two networks connected point to point behind the
    concentrator. I have 20 other sites running this exact same
    configuration. Anyway, the 3020 is on the 10.1.1.X network and the
    other side of the PPP is 192.168.1.X; when I bring up the VPN on
    10.2.1.X it will only see the 192.168.1.X network and not the 10.1.1.X
    network. The tunnel is up; the 3020 says it is up. I have all the sites
    using the same IKE proposal, aes-128-md5, and the same network list in
    the 3020 to access the two networks. I have the exact same ACL built
    in this PIX:
    access-list vpn permit ip

    access-list vpn permit ip
    (bound to crypto map)
    access-list nonat permit ip
    access-list nonat permit ip
    (bound to nat 0 statement)
    nat (inside) 0 access-list nonat
    My config matches all the other configs I have done. I configured all my
    other 20 sites and this is exactly the same. The PIX will recv packets
    but not send them, and the 3020 will send but not recv. The 3020 will not
    even ping the inside of the PIX (management-access inside enabled) when
    it says the tunnel is up, and I can ping from the 192.168.1.X
    network.... Like I mentioned before, I have a network list in the 3020: this same list supports my
    other sites but not this one. It is bound to this VPN and listed in the
    "the local network" portion of the VPN in the 3020; the "remote network"
    portion contains The remote network is flat with
    one firewall on it. Same network list as all other working ones, same
    IKE proposal. The 3020 is running ./VPN 3000 Concentrator Version 4.1.5.Rel
    Jun 18 2004 00:22:46
    Anyway, I am ready to pull my hair out. I have done this a thousand times.
    Anyone know of a bug or something? Thanks all
    jspr, Feb 6, 2006
