Solved

Problem pinging across site to site tunnel (515E to 501)

Posted on 2006-07-13
4
261 Views
Last Modified: 2010-04-08
We just moved and office mid-week and the new location has a new ip range. Made all changes on both of the PIX's and a "show crypto isakmp sa" is returning:

PIX01(config)# show crypto isakmp sa
Total     : 1
Embryonic : 0
        dst               src        state     pending     created
  xxx.xxx.xxx.xxx    xxx.xxx.xxx.xxx    QM_IDLE         0           2

on PIX01 and:

PIX02(config)# show crypto isakmp sa
Total     : 1
Embryonic : 0
        dst               src        state     pending     created
  xxx.xxx.xxx.xxx    xxx.xxx.xxx.xxx    QM_IDLE         0           2

on PIX02.

I can ping PIX to PIX with no problem but I cannot ping a remote workstation. From my limited knowledge it appears as though the tunnel is up but other then the outside address nothing else on the PIX has changed. Maybe I did the commands in the wrong order...?

Basically I just need to complete the tunnel.

Thanks in Advance.
0
Comment
Question by:simsjrg
4 Comments
 
LVL 10

Accepted Solution

by:
naveedb earned 250 total points
ID: 17105031
Can you post output from following on both sides?

sh crypto ipsec sa


Also post your running config on the PIX
0
 
LVL 9

Assisted Solution

by:Pentrix2
Pentrix2 earned 250 total points
ID: 17105193
It looks like an access-list or routing problem.  Please post both sides running-configuration.

Pentrix2
0
 
LVL 18

Author Comment

by:simsjrg
ID: 17107186
Just ended up recreating the tunnel from scratch. It came up fine. Points split for the effort.

Thanks again!
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17109207
For future reference when this kinda thingy happens, just remove the crypto map from the interface and add it back.

Cheers,
Rajesh
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now