Firewall Wizards mailing list archives
RE: PIX TO PIX IPSEC w/ NAT on either side
From: "Melson, Paul" <PMelson () sequoianet com>
Date: Thu, 4 Mar 2004 12:51:41 -0500
What exactly is the problem? What do you think should be happening that isn't? Configs look mostly OK, though I never use names when designating VPN peers. I guess that might cause problems with 'isakmp identity address', though probably not. Also, you can ditch the 'permit udp' and 'permit icmp' lines in the tunnel access-lists. They're being ignored anyway. When you run 'show isakmp sa' does it show the other peer in 'QM_IDLE'? PaulM -----Original Message----- I have two networks, they're natted accordingly to get out to the net.. I have set up ipsec tunnels before, but this time I'm having difficulty. Situation two pix firewalls: 501, and a 506.. IPSEC between two networks Firewall 1 192.168.5.0 Firewall 2 192.168.0.0 Tunnel between the two, while allowing internet traffic to transverse through accordingly Thoughts? _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- PIX TO PIX IPSEC w/ NAT on either side Paul Matuszewski (Mar 04)
- <Possible follow-ups>
- RE: PIX TO PIX IPSEC w/ NAT on either side Melson, Paul (Mar 07)