Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Problem pinging across site to site tunnel (515E to 501)

Posted on 2006-07-13
4
Medium Priority
?
275 Views
Last Modified: 2010-04-08
We just moved and office mid-week and the new location has a new ip range. Made all changes on both of the PIX's and a "show crypto isakmp sa" is returning:

PIX01(config)# show crypto isakmp sa
Total     : 1
Embryonic : 0
        dst               src        state     pending     created
  xxx.xxx.xxx.xxx    xxx.xxx.xxx.xxx    QM_IDLE         0           2

on PIX01 and:

PIX02(config)# show crypto isakmp sa
Total     : 1
Embryonic : 0
        dst               src        state     pending     created
  xxx.xxx.xxx.xxx    xxx.xxx.xxx.xxx    QM_IDLE         0           2

on PIX02.

I can ping PIX to PIX with no problem but I cannot ping a remote workstation. From my limited knowledge it appears as though the tunnel is up but other then the outside address nothing else on the PIX has changed. Maybe I did the commands in the wrong order...?

Basically I just need to complete the tunnel.

Thanks in Advance.
0
Comment
Question by:simsjrg
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 10

Accepted Solution

by:
naveedb earned 1000 total points
ID: 17105031
Can you post output from following on both sides?

sh crypto ipsec sa


Also post your running config on the PIX
0
 
LVL 9

Assisted Solution

by:Pentrix2
Pentrix2 earned 1000 total points
ID: 17105193
It looks like an access-list or routing problem.  Please post both sides running-configuration.

Pentrix2
0
 
LVL 18

Author Comment

by:simsjrg
ID: 17107186
Just ended up recreating the tunnel from scratch. It came up fine. Points split for the effort.

Thanks again!
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17109207
For future reference when this kinda thingy happens, just remove the crypto map from the interface and add it back.

Cheers,
Rajesh
0

Featured Post

[Webinar] Lessons on Recovering from Petya

Skyport is working hard to help customers recover from recent attacks, like the Petya worm. This work has brought to light some important lessons. New malware attacks like this can take down your entire environment. Learn from others mistakes on how to prevent Petya like worms.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…
Suggested Courses

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question