BCF: Bike Chat Forums


Cisco PIX VPN issue


wantser
Trackday Trickster



Joined: 04 Oct 2004
Posted: 13:42 - 11 Jul 2006    Post subject: Cisco PIX VPN issue

Hi,

I had a problem with a DES-SHA tunnel which is fixed now, but have no idea why the problem occurred.
I have copied my posts from the Cisco forums on here; anyone who might have any idea about this problem, please enlighten me. I have fixed it, but it baffles me as to why it happened?!

Cisco Post 1 wrote:
I have two sites that talk to each other over a DES VPN. One site on an MPLS cloud in the UK talking to a site in Luxembourg. The traffic is routed from the MPLS to my PIX on my site, then encrypted to Lux and vice versa. Both end VPN devices are 515Es running 6.3(3) versions. My client is running a 2003 Exchange which is replicating over this link, but experienced very odd connectivity which I shall explain with what we see in the pings.

UK machine -10.33.16.23
Lux machine -10.127.16.15

RDP from UK to Lux, trying to ping UK = no response.
Then ping from UK to Lux = response.
Then ping from Lux to UK = response.

All rules allow any talking between the two sites. No firewalls are on the machines. They are only running Sophos antivirus.


Cisco Post 2 wrote:
I seem to have found the cause although it is rather odd.
The internal network local to the PIX, 172.18.*.*, has none of these issues. It is only when you traverse this network to get to the MPLS that causes this rather odd problem. Initiating the ping from Lux to 172.18.*.* works with only a simple protect IP rule on either end of the link, i.e. on both the 515Es. To get it to work so that Lux can ping the UK site without the UK site pinging Lux first, I have had to specifically add the protect ICMP back to Lux and also add a NAT exemption rule in the same direction, not touching the config in Lux. This I could understand if the PIX was NATting, but the PIX this end does not NAT a thing. Everything should be left as original anyway. I am trying to find an explanation for this but not having a lot of joy. Why has this only started happening recently? It never did before about 2 months ago. Why does the ping work fine once you have pinged a machine in Lux? The tunnel I imagine must already be up, but surely the data going across will still adhere to all the rules, both NAT and protect, on the way to Lux?
Anyway, it's working for now. If anyone has any ideas or documentation that may help, that would be grand!


I know there are a few Cisco bods on here. Any ideas? It's bugging the hell out of me.

Cheers Guys

Wantser Thumbs Up
____________________
An expert is a person who has made all the mistakes that can be made in a very narrow field
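For readers following the "protect" (crypto ACL) and NAT exemption rules the post talks about, here is an added PIX 6.3-style configuration fragment for the UK end; it is an illustration written for this page, not wantser's actual config. It assumes /24 masks for the two site ranges (the post only gives host addresses), a 172.18.0.0/16 local LAN, an MPLS router at 172.18.0.254 and placeholder values for the Lux peer address and the pre-shared key. The point it shows is that both the crypto ACL and the nat 0 ACL have to list every source range behind the PIX, including the MPLS-routed 10.33.16.0/24 subnet and not just the directly connected 172.18 LAN; a `permit ip` entry already matches ICMP, so a separate ICMP line adds nothing the IP line does not cover.

```cisco
! --- Added example, not the original poster's configuration ---
! Assumed: inside LAN 172.18.0.0/16, MPLS-routed UK subnet 10.33.16.0/24,
! Lux subnet 10.127.16.0/24, MPLS next hop 172.18.0.254 (all assumptions).

! Route the MPLS-reachable UK range back out the inside interface
route inside 10.33.16.0 255.255.255.0 172.18.0.254 1

! NAT exemption: traffic to Lux from BOTH UK ranges must bypass NAT,
! otherwise a source behind the MPLS is translated before it meets the crypto map
access-list nonat permit ip 172.18.0.0 255.255.0.0 10.127.16.0 255.255.255.0
access-list nonat permit ip 10.33.16.0 255.255.255.0 10.127.16.0 255.255.255.0
nat (inside) 0 access-list nonat

! Crypto ACL ("protect" rule): defines interesting traffic; permit ip covers ICMP too.
! Mirror of this ACL is expected on the Lux 515E with source/destination swapped.
access-list vpn-lux permit ip 172.18.0.0 255.255.0.0 10.127.16.0 255.255.255.0
access-list vpn-lux permit ip 10.33.16.0 255.255.255.0 10.127.16.0 255.255.255.0

! DES-SHA IPsec proposal, as described in the post
crypto ipsec transform-set des-sha esp-des esp-sha-hmac
crypto map outside_map 10 ipsec-isakmp
crypto map outside_map 10 match address vpn-lux
crypto map outside_map 10 set peer LUX_PEER_IP_PLACEHOLDER
crypto map outside_map 10 set transform-set des-sha
crypto map outside_map interface outside

! Allow decrypted IPsec traffic to bypass interface ACL checks
sysopt connection permit-ipsec

! IKE phase 1 with the peer (key and address are placeholders)
isakmp enable outside
isakmp key PRESHARED_KEY_PLACEHOLDER address LUX_PEER_IP_PLACEHOLDER netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash sha
isakmp policy 10 group 1
isakmp policy 10 lifetime 86400
```

To check which ranges a given PIX actually negotiates, `show crypto ipsec sa` lists one SA pair per crypto ACL line with its local/remote identity and packet counters; if a subnet such as 10.33.16.0/24 never appears as a local ident, its traffic is not being matched by the crypto ACL on that box, regardless of what the other end permits.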