Hall of Fame

1. RobWill364,394
2. arnold197,721
3. MikeKane197,312
4. JFrederic...170,047
5. bignewf168,320
6. Qlemo140,915
7. lrmoore138,305
8. ikalmar110,182
9. dpk_wal89,572
10. deimark79,485
11. 3nerds72,036
12. asavener54,580
13. jodylemoine46,900
14. geergon36,385
15. Quori34,527
16. RPPreacher34,355
17. ccomley33,840
18. Roachy1...33,822
19. uetian170733,444
20. MrHusy32,838
21. PeteLong30,854
22. SysExpert30,361
23. giltjr30,241
24. alanhardisty27,978
25. mitrushi27,480

1. RobWill2,021,679
2. lrmoore1,323,628
3. batry_boy467,701
4. arnold359,804
5. dpk_wal265,644
6. JFrederic...242,427
7. MikeKane228,592
8. Qlemo226,232
9. grblades218,409
10. bignewf183,320
11. rsivanandan183,296
12. MrHusy128,332
13. TechSoEasy122,268
14. mwecom...120,329
15. PeteLong116,920
16. keith_ala...115,514
17. SysExpert114,141
18. calvinetter112,805
19. ikalmar110,182
20. Voltz-dk98,355
21. deimark93,160
22. Cyclops3...90,587
23. RPPreacher79,980
24. tim_holman75,964
25. 3nerds72,036

	[x] Posted via EE Mobile
	Search, ask, and monitor your questions on the go with EE Mobile. Visit Experts Exchange from your mobile device and never be out of touch again.

Question

	[x] Attachment Details

[x]

The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

The Grade of the Solution
The Zone Rank of the Expert Providing the Solution
The Number of Author and Expert Comments
The Number of Experts Contributing
The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

4.8

BEFVP41 to PIX 515E can connect, but can't ping servers or connect to anything from remote offices.

Asked by sithman17 in Virtual Private Networking (VPN)

Tags: befvp41, 30, current, pix

Hello,

Here is my situation. I currently have a Symantec 200 VPN firewall box and linksys BEFVP41 v2 at my remote offices. I just purchased a PIX 515E for my HQ and will be purchasing 501's further down the road for my remote offices. The PIX 515E at my HQ is configured as shown below and the linksys BEFVP41 v2 at my remote office can connect to the PIX. However my clients at the remote office cannot ping any systems or connect to any servers on the otherside of the pix and I currently have VoIP traveling through the VPN to my switch back inside HQ. The VoIP traffic does not make it either. If I switch my Linsys to connect back to the Symantec box, everything is ok.

I can however from the HQ side, ping clients and a server at the remote office. But not the other way around.

Here's my config on the 515E.

RocklinFW# sh run
: Saved
:
PIX Version 6.3(4)
interface ethernet0 100full
interface ethernet1 100full
interface ethernet2 auto shutdown
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
enable password XUBD2wut6GjsuvUW encrypted
passwd vy8cixnUUxk/TJ1l encrypted
hostname RocklinFW
domain-name ciscopix.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list 140 permit ip 192.168.254.0 255.255.255.0 192.168.4.0 255.255.255.0
access-list 150 permit ip 192.168.254.0 255.255.255.0 192.168.5.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
mtu dmz 1500
ip address outside 63.205.221.109 255.255.255.248
ip address inside 192.168.254.1 255.255.255.0
no ip address dmz
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 207.105.165.26
nat (inside) 0 access-list 100
nat (inside) 1 192.168.254.0 255.255.255.0 0 0
route outside 0.0.0.0 0.0.0.0 63.205.221.109 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 0.0.0.0 0.0.0.0 inside
snmp-server host inside 192.168.254.111
snmp-server location ********
snmp-server contact **********
snmp-server community ******
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set reno esp-des esp-md5-hmac
crypto ipsec transform-set MeadowVista esp-des esp-md5-hmac
crypto map HQVPN 40 ipsec-isakmp
crypto map HQVPN 40 match address 140
crypto map HQVPN 40 set peer 67.118.59.226
crypto map HQVPN 40 set transform-set reno
crypto map HQVPN 50 ipsec-isakmp
crypto map HQVPN 50 match address 150
crypto map HQVPN 50 set peer 69.226.79.21
crypto map HQVPN 50 set transform-set MeadowVista
crypto map HQVPN interface outside
isakmp enable outside
isakmp key ******** address 67.118.59.226 netmask 255.255.255.255 no-xauth no-co
nfig-mode
isakmp key ******** address 69.226.79.21 netmask 255.255.255.255 no-xauth no-con
fig-mode
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 1
isakmp policy 10 lifetime 28800
telnet 192.168.254.13 255.255.255.255 inside
telnet 192.168.254.17 255.255.255.255 inside
telnet 192.168.254.111 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
management-access inside
console timeout 5
terminal width 80
Cryptochecksum:26ee3dec91539ad2becfe7de1177a901
: end
RocklinFW#

I'm sure it is something simple but I cant out my finger on it and management wants this fixed pretty quick.

View the Solution FREE for 30 Days

20091021-EE-VQP-81

BEFVP41 to PIX 515E can connect, but can't ping servers or connect to anything from remote offices.

Asked by sithman17 in Virtual Private Networking (VPN)

Tags: befvp41, 30, current, pix

About this solution