Solved

Problem pinging across site to site tunnel (515E to 501)

Posted on 2006-07-13
4
272 Views
Last Modified: 2010-04-08
We just moved and office mid-week and the new location has a new ip range. Made all changes on both of the PIX's and a "show crypto isakmp sa" is returning:

PIX01(config)# show crypto isakmp sa
Total     : 1
Embryonic : 0
        dst               src        state     pending     created
  xxx.xxx.xxx.xxx    xxx.xxx.xxx.xxx    QM_IDLE         0           2

on PIX01 and:

PIX02(config)# show crypto isakmp sa
Total     : 1
Embryonic : 0
        dst               src        state     pending     created
  xxx.xxx.xxx.xxx    xxx.xxx.xxx.xxx    QM_IDLE         0           2

on PIX02.

I can ping PIX to PIX with no problem but I cannot ping a remote workstation. From my limited knowledge it appears as though the tunnel is up but other then the outside address nothing else on the PIX has changed. Maybe I did the commands in the wrong order...?

Basically I just need to complete the tunnel.

Thanks in Advance.
0
Comment
Question by:simsjrg
4 Comments
 
LVL 10

Accepted Solution

by:
naveedb earned 250 total points
ID: 17105031
Can you post output from following on both sides?

sh crypto ipsec sa


Also post your running config on the PIX
0
 
LVL 9

Assisted Solution

by:Pentrix2
Pentrix2 earned 250 total points
ID: 17105193
It looks like an access-list or routing problem.  Please post both sides running-configuration.

Pentrix2
0
 
LVL 18

Author Comment

by:simsjrg
ID: 17107186
Just ended up recreating the tunnel from scratch. It came up fine. Points split for the effort.

Thanks again!
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17109207
For future reference when this kinda thingy happens, just remove the crypto map from the interface and add it back.

Cheers,
Rajesh
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question