Site to Site  VPN with PIX

Posted on 2006-05-22
Last Modified: 2010-04-12
I need some assistance with a configuration that is slightly different from what I am used to. Normally when configuring a site-to-site VPN I will use one access list for non-NATing
purposes, such as:

access-list NoNAT permit ip 192.168.0.0 255.255.255.0 192.168.10.0 255.255.255.0
nat (inside) 0 access-list NoNAT

And another access list for the traffic to permit through the tunnel:

access-list VPNTraffic permit ip 192.168.0.0 255.255.255.0 192.168.10.0 255.255.255.0
crypto map MAP 10 match address VPNTraffic

This usually works without any problem. I now need to configure the PIX such that only one host on each end is able to communicate through the tunnel. I changed one access list to:

access-list VPNTraffic permit ip host 192.168.0.x host 192.168.10.x

thinking that would suffice, but I cannot ping through the tunnel from 192.168.0.x to 192.168.10.x or vice versa.


Any assistance with configuring what i need to accomplish is appreciated.
Question by:andreacadia

Accepted Solution by lrmoore (earned 2000 total points), ID: 16741763
Did you add this to the NoNAT also?

access-list NoNAT permit ip host 192.168.0.10 host 192.168.10.10
access-list VPNTraffic permit ip host 192.168.0.10 host 192.168.10.10

Did you do exact mirror acls on the remote site?

Expert Comment by lrmoore, ID: 16764881
ping . . .
Author Comment by andreacadia, ID: 16765615
Changing the NoNAT access list and mirroring the access list on the other side seems to have worked. Why do the access lists have to be identical on both sides? Even if you permitted the entire subnet, the source IP allowed on the other end is the only host that will communicate.

Expert Comment by lrmoore, ID: 16765647
>Why do the access lists have to be identical on both sides?
They just do. . .
Glad you're working!
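The accepted answer boils down to two checks that are easy to get wrong by hand once the ACLs grow: every entry in the crypto map's match ACL must also be exempted from translation by the nat 0 ACL (otherwise the PIX rewrites the packet before the crypto map can match it), and the peer's crypto ACL must be the exact mirror of the local one, because the IPsec phase 2 identities each side proposes are taken from its crypto ACL and the responder matches them against its own. The following is an added example, not code from the original thread or from Cisco, that parses PIX-style access-list, nat 0 and crypto map lines and performs both checks. The ACL names, the 192.168.0.0/24 and 192.168.10.0/24 networks and the .10 host at each end follow the thread; the sample configs themselves (a correct site A, a stale and a fixed site B, and a site A whose NoNAT lists an unrelated 192.168.20.0/24 network) are constructed for the example.

```python
"""Sanity checks for a PIX site-to-site VPN: does the nat 0 (NoNAT) ACL exempt
everything the crypto map ACL selects, and is the peer's crypto ACL an exact
mirror?  All sample configs below are constructed for this example."""
import re
from typing import Dict, List, Tuple

# One access-list entry: (src_net, src_mask, dst_net, dst_mask) as 32-bit ints.
Ace = Tuple[int, int, int, int]

# Site A as the accepted answer describes it: host pair in both ACLs.
SITE_A = """
access-list NoNAT permit ip host 192.168.0.10 host 192.168.10.10
nat (inside) 0 access-list NoNAT
access-list VPNTraffic permit ip host 192.168.0.10 host 192.168.10.10
crypto map MAP 10 match address VPNTraffic
"""
# Site B still carrying the old subnet-to-subnet entries (constructed).
SITE_B_STALE = """
access-list NoNAT permit ip 192.168.10.0 255.255.255.0 192.168.0.0 255.255.255.0
nat (inside) 0 access-list NoNAT
access-list VPNTraffic permit ip 192.168.10.0 255.255.255.0 192.168.0.0 255.255.255.0
crypto map MAP 10 match address VPNTraffic
"""
# Site B after mirroring site A's host pair (constructed).
SITE_B_FIXED = """
access-list NoNAT permit ip host 192.168.10.10 host 192.168.0.10
nat (inside) 0 access-list NoNAT
access-list VPNTraffic permit ip host 192.168.10.10 host 192.168.0.10
crypto map MAP 10 match address VPNTraffic
"""
# Site A whose NoNAT exempts an unrelated network (192.168.20.0/24 is hypothetical).
SITE_A_WRONG_NONAT = """
access-list NoNAT permit ip 192.168.0.0 255.255.255.0 192.168.20.0 255.255.255.0
nat (inside) 0 access-list NoNAT
access-list VPNTraffic permit ip host 192.168.0.10 host 192.168.10.10
crypto map MAP 10 match address VPNTraffic
"""

def ip2int(dotted: str) -> int:
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address: %s" % dotted)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def _endpoint(tokens: List[str]) -> Tuple[int, int, List[str]]:
    """Consume one PIX ACL endpoint ('any', 'host A', or 'NET MASK')."""
    if tokens[0] == "any":
        return 0, 0, tokens[1:]
    if tokens[0] == "host":
        return ip2int(tokens[1]), 0xFFFFFFFF, tokens[2:]
    mask = ip2int(tokens[1])
    return ip2int(tokens[0]) & mask, mask, tokens[2:]

def parse_acls(config: str) -> Dict[str, List[Ace]]:
    """Collect 'access-list NAME permit ip SRC DST' lines, keyed by ACL name."""
    acls: Dict[str, List[Ace]] = {}
    for line in config.splitlines():
        parts = line.split()
        if len(parts) < 6 or parts[0] != "access-list" or parts[2:4] != ["permit", "ip"]:
            continue
        src, smask, rest = _endpoint(parts[4:])
        dst, dmask, _ = _endpoint(rest)
        acls.setdefault(parts[1], []).append((src, smask, dst, dmask))
    return acls

def nat0_acl(config: str) -> str:
    m = re.search(r"^nat \(\S+\) 0 access-list (\S+)", config, re.M)
    return m.group(1) if m else ""

def crypto_acl(config: str) -> str:
    m = re.search(r"^crypto map \S+ \d+ match address (\S+)", config, re.M)
    return m.group(1) if m else ""

def _within(net_o: int, mask_o: int, net_i: int, mask_i: int) -> bool:
    """Inner range lies inside outer range: outer mask is no longer than the
    inner one and inner's network agrees with outer's on every outer mask bit."""
    return (mask_o & mask_i) == mask_o and (net_i & mask_o) == net_o

def natted_crypto_entries(config: str) -> List[Ace]:
    """Crypto ACL entries that no nat 0 entry exempts: that traffic would be
    translated before the crypto map ever matched it."""
    acls = parse_acls(config)
    exempt = acls.get(nat0_acl(config), [])
    return [ace for ace in acls.get(crypto_acl(config), [])
            if not any(_within(e[0], e[1], ace[0], ace[1]) and
                       _within(e[2], e[3], ace[2], ace[3]) for e in exempt)]

def mirror(ace: Ace) -> Ace:
    return (ace[2], ace[3], ace[0], ace[1])

def mirror_mismatches(local: str, remote: str) -> Tuple[List[Ace], List[Ace]]:
    """Crypto ACL entries on each side whose exact mirror is missing on the other."""
    la = parse_acls(local).get(crypto_acl(local), [])
    ra = parse_acls(remote).get(crypto_acl(remote), [])
    lset, rset = set(la), set(ra)
    return ([a for a in la if mirror(a) not in rset],
            [a for a in ra if mirror(a) not in lset])

if __name__ == "__main__":
    print("site A entries still NATed:", natted_crypto_entries(SITE_A))
    print("site A (wrong NoNAT) still NATed:", natted_crypto_entries(SITE_A_WRONG_NONAT))
    print("mismatches vs stale peer:", mirror_mismatches(SITE_A, SITE_B_STALE))
    print("mismatches vs fixed peer:", mirror_mismatches(SITE_A, SITE_B_FIXED))
```

Note that the NAT check only flags a crypto entry when no nat 0 entry covers it, so the asker's original subnet-to-subnet NoNAT would still have exempted the single host pair; the mirror check, by contrast, is deliberately exact, which is the rule the accepted answer gives, so a peer that still lists the whole subnet is reported as a mismatch against a local host entry.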