Solved

Problem pinging across site to site tunnel (515E to 501)

Posted on 2006-07-13
4
270 Views
Last Modified: 2010-04-08
We just moved and office mid-week and the new location has a new ip range. Made all changes on both of the PIX's and a "show crypto isakmp sa" is returning:

PIX01(config)# show crypto isakmp sa
Total     : 1
Embryonic : 0
        dst               src        state     pending     created
  xxx.xxx.xxx.xxx    xxx.xxx.xxx.xxx    QM_IDLE         0           2

on PIX01 and:

PIX02(config)# show crypto isakmp sa
Total     : 1
Embryonic : 0
        dst               src        state     pending     created
  xxx.xxx.xxx.xxx    xxx.xxx.xxx.xxx    QM_IDLE         0           2

on PIX02.

I can ping PIX to PIX with no problem but I cannot ping a remote workstation. From my limited knowledge it appears as though the tunnel is up but other then the outside address nothing else on the PIX has changed. Maybe I did the commands in the wrong order...?

Basically I just need to complete the tunnel.

Thanks in Advance.
0
Comment
Question by:simsjrg
4 Comments
 
LVL 10

Accepted Solution

by:
naveedb earned 250 total points
ID: 17105031
Can you post output from following on both sides?

sh crypto ipsec sa


Also post your running config on the PIX
0
 
LVL 9

Assisted Solution

by:Pentrix2
Pentrix2 earned 250 total points
ID: 17105193
It looks like an access-list or routing problem.  Please post both sides running-configuration.

Pentrix2
0
 
LVL 18

Author Comment

by:simsjrg
ID: 17107186
Just ended up recreating the tunnel from scratch. It came up fine. Points split for the effort.

Thanks again!
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17109207
For future reference when this kinda thingy happens, just remove the crypto map from the interface and add it back.

Cheers,
Rajesh
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
pfSense and Sophos Mobile Control Security 4 103
Trojan blocked 11 99
How do I restrict App Service access to specific IPs (i.e. firewall)? 4 71
ipsec tunnel comme not up 10 116
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question