nfx
The Wire
Premium
join:2001-05-21
Vancouver, BC
2 edits
reply to bigdogg2
Re: Issues with Cisco 871 tunnel with Pix515e

crypto map SiteToSiteVPN 1 match address inside_cryptomap
crypto map SiteToSiteVPN 1 set peer 10.44.44.2
crypto map SiteToSiteVPN 1 set transform-set ESP-3DES-MD5 ESP-DES-MD5 xform-3des-md5
crypto map SiteToSiteVPN interface inside

Is this the crypto map you're using for the site-to-site VPN?

If so, the ACL it's matching, inside_cryptomap, only allows IP traffic.

This is the ACL it's matching: access-list inside_cryptomap extended permit ip 10.35.1.0 255.255.255.0 10.44.44.0 255.255.255.0

You need to add ICMP to that ACL.

edit: Same for the 871 config, you need to add ICMP to the ACL called "tunnel".
--
nfx

bigdogg2

join:2004-08-11

When you do a "permit ip" you are permitting everything over the protocol stack which would include TCP, UDP and ICMP.

I did fix the issue by removing "ip nat inside" on "int vlan1" and removing "ip nat outside" from "int f4". Since vlan 1 was not coming up I added my Loop Back IP into the tunnel ACL and then I was able to ping and telnet to ports on both sides of the crypto tunnel.


nfx
The Wire
Premium
join:2001-05-21
Vancouver, BC
You're right. I had to go back and review CCNA material to realize this. Thanks.
--
nfx
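
Added example, not part of any post in this thread: a small Python model of how a crypto-map ACL entry selects traffic for the tunnel, run against the `inside_cryptomap` line quoted above. The packet addresses, including the 192.168.100.1 source standing in for an address outside the ACL's source network, are constructed, and the function names are hypothetical.

```python
import ipaddress

# ACL line quoted in the thread (PIX/ASA syntax: network followed by subnet mask).
ACL_LINE = ("access-list inside_cryptomap extended permit ip "
            "10.35.1.0 255.255.255.0 10.44.44.0 255.255.255.0")

def parse_acl(line):
    """Parse 'access-list NAME extended ACTION PROTO SRC MASK DST MASK'."""
    tok = line.split()
    if len(tok) != 9 or tok[0] != "access-list" or tok[2] != "extended":
        raise ValueError("unsupported ACL form: " + line)
    if tok[3] not in ("permit", "deny"):
        raise ValueError("unknown action: " + tok[3])
    return {
        "name": tok[1], "action": tok[3], "proto": tok[4].lower(),
        "src": ipaddress.ip_network(f"{tok[5]}/{tok[6]}"),
        "dst": ipaddress.ip_network(f"{tok[7]}/{tok[8]}"),
    }

def is_interesting(ace, proto, src, dst):
    """True if this single entry selects the packet for encryption."""
    # The 'ip' keyword matches every IP protocol (TCP, UDP, ICMP, ...).
    proto_ok = ace["proto"] == "ip" or ace["proto"] == proto.lower()
    return (ace["action"] == "permit" and proto_ok
            and ipaddress.ip_address(src) in ace["src"]
            and ipaddress.ip_address(dst) in ace["dst"])

# Constructed sample packets: (protocol, source, destination).
PACKETS = [
    ("icmp", "10.35.1.10", "10.44.44.20"),
    ("tcp", "10.35.1.10", "10.44.44.20"),
    ("udp", "10.35.1.10", "10.44.44.20"),
    # Source outside 10.35.1.0/24: no entry matches, so it is not tunnelled.
    ("icmp", "192.168.100.1", "10.44.44.20"),
]

def evaluate(line, packets=PACKETS):
    """Return one True/False per packet for the given ACL line."""
    ace = parse_acl(line)
    return [is_interesting(ace, *pkt) for pkt in packets]

if __name__ == "__main__":
    for pkt, hit in zip(PACKETS, evaluate(ACL_LINE)):
        print(pkt, "-> tunnel" if hit else "-> not matched")
```
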
over 10 years online! © 1999-2009 dslreports.com.