Firewall Wizards mailing list archives

RE: PIX TO PIX IPSEC w/ NAT on either side


From: "Melson, Paul" <PMelson () sequoianet com>
Date: Thu, 4 Mar 2004 12:51:41 -0500

What exactly is the problem?  What do you think should be happening that
isn't?

Configs look mostly OK, though I never use names when designating VPN
peers.  I guess that might cause problems with 'isakmp identity
address', though probably not.  Also, you can ditch the 'permit udp' and
'permit icmp' lines in the tunnel access-lists.  They're being ignored
anyway.

When you run 'show isakmp sa' does it show the other peer in 'QM_IDLE'?

PaulM

-----Original Message-----
I have two networks; they're NATed accordingly to get out to the net.
I have set up IPsec tunnels before, but this time I'm having difficulty.
Situation: two PIX firewalls, a 501 and a 506. IPsec between two networks:
Firewall 1 192.168.5.0
Firewall 2 192.168.0.0

Tunnel between the two, while allowing internet traffic to traverse
through accordingly

Thoughts? 
