Hi all,
I have the following problem and I am stuck at the moment and cannot find out how to solve this:
I have a PIX 525 at the main site where multiple 506 PIXes are connected with Site-to-site and they just work fine. Now I have added an additional PIX on another site which is connected to a DSL-Router and doesn't have a public IP assigned but an IP address in the LAN between the router and the PIX while the public IP is assigned to the DSL-Router. Maybe a little "picture" will help understanding:
Host (WinXP: IP 10.z.x.x/24) ------- (IP 10.z.x.y/24) -> PIX 506 <- (IP 192.x.x.x) ---
--- (IP 192.x.x.y) -> DSL-Router <- (public IP) ---
--- (public IP) -> PIX 525 (main site) <- (internal IP 10.x.x.y) ------- Host (e.g. WinXP with IP 10.x.x.x)
Now the thing is that the VPN-Tunnel establishes fine but I cannot get traffic (Ping) through.
I already found out that a Ping from the XP host at the 506 site (IP 10.z.x.x) reaches the Host on the other site (IP 10.x.x.x), as I can see from the PIX 525 log, but does not find its way back through the established tunnel. So my problem is: How can that be solved? Normally all traffic for the tunnel should be determined by the PIX from the access-lists. I have a nonat access-list for the 10.z.x.x/24 network on the 525 and also the cryptomap access-list. So I thought I have configured my PIX correctly. But obviously there is something wrong. Could it be the router at the remote site? As the VPN tunnel is fine I assume it is not.
I would appreciate any idea that leads me to a solution.
Thanks
Daniel