I have a tunnel setup between a vpn3000 and a pix 501. I can ping devices across the tun. however, I cannot ping the inside ethernet. Could anyone give me some tips on how to get this working? also, I need to monitor it for traffic stats in and out etc. with snmp. the ios is 6.3. thx and I really appreciate your help...
In order to be able to *ping* the inside ethernet IP address, you would have to create a special "management interface" VPN tunnel just for the purpose of talking to the PIX itself. It -must- be a distinct tunnel with its own crypto-map, because it will encode the packets differently than for a regular tunnel.
However, if your purpose is just to SNMP monitor, then you do not need to monitor the inside interface: just configure appropriate snmp-server values, and then the stats for the inside interface are just another instance in the snmp interface table.
on the end tunnel PIX you need :
management-access inside and the ofcourse that the headend device, from which the managementtraffic generates, must be in the no-nat and cryptomap ACL's
HTH Martin Bilgrav
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.