I am trying to get a site to site vpn working.
The main PIX is a 515 and the client PIX is a 501.
I have it all configured and the tunnel comes up fine, however, if I try and ping hosts on the main site (515 side) from the remote site (501 side) it doesn't ping until I log onto the host on the main side I am trying to ping, ping the client PC from there, then the client PC can ping that host?
Hope someone understands what I tried to explain there :-)
Regards
This could be caused if one of the two ends has a dynamic IP address, or if the PIXes have been configured to think that they do.
It could also be caused by the access-lists used for the crypto map match address not being symmetric.
Strange, the 515 didn't have the 'crypto map outside_map 20 match address
20' statment, when I added this in it stopped pinging altogether. Saved config, rebooted and everything is working fine now?Cheers
Before you rebooted did you do "clear cry ipsec sa" and/or "clear isa sa"?
Unfortunately not
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.