Solved

Problem pinging across site to site tunnel (515E to 501)

Posted on 2006-07-13
4
263 Views
Last Modified: 2010-04-08
We just moved and office mid-week and the new location has a new ip range. Made all changes on both of the PIX's and a "show crypto isakmp sa" is returning:

PIX01(config)# show crypto isakmp sa
Total     : 1
Embryonic : 0
        dst               src        state     pending     created
  xxx.xxx.xxx.xxx    xxx.xxx.xxx.xxx    QM_IDLE         0           2

on PIX01 and:

PIX02(config)# show crypto isakmp sa
Total     : 1
Embryonic : 0
        dst               src        state     pending     created
  xxx.xxx.xxx.xxx    xxx.xxx.xxx.xxx    QM_IDLE         0           2

on PIX02.

I can ping PIX to PIX with no problem but I cannot ping a remote workstation. From my limited knowledge it appears as though the tunnel is up but other then the outside address nothing else on the PIX has changed. Maybe I did the commands in the wrong order...?

Basically I just need to complete the tunnel.

Thanks in Advance.
0
Comment
Question by:simsjrg
4 Comments
 
LVL 10

Accepted Solution

by:
naveedb earned 250 total points
ID: 17105031
Can you post output from following on both sides?

sh crypto ipsec sa


Also post your running config on the PIX
0
 
LVL 9

Assisted Solution

by:Pentrix2
Pentrix2 earned 250 total points
ID: 17105193
It looks like an access-list or routing problem.  Please post both sides running-configuration.

Pentrix2
0
 
LVL 18

Author Comment

by:simsjrg
ID: 17107186
Just ended up recreating the tunnel from scratch. It came up fine. Points split for the effort.

Thanks again!
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17109207
For future reference when this kinda thingy happens, just remove the crypto map from the interface and add it back.

Cheers,
Rajesh
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
info required for port scans 1 44
penetration testing -- metasploit / etc ? 2 52
Sonicwall SOHO Firewall port access 5 81
Is my Machine open to hackers 3 91
Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now