vpn 3000 pix L2L Trouble

Hi all,

Got kind of a weird problem here. I have a concentrator 3020 to PIX LAN-to-LAN VPN going. I have configured quite a few of these in my day. Anyway, there are two networks connected point to point behind the concentrator. I have 20 other sites running this exact same configuration. When the 3020 is on the 10.1.1.X network and the other side of the PPP is 192.168.1.X, when I bring up the VPN on 10.2.1.X it will only see the 192.168.1.X network and not the 10.1.1.X network. The tunnel is up; the 3020 says it is up. I have all the sites using the same IKE proposal, aes-128-md5, and the same network list in the 3020 to access the two networks. I have the exact same ACL built in this PIX:

    access-list vpn permit ip 10.2.1.0 255.255.255.0 10.1.1.0 255.255.255.0
    access-list vpn permit ip 10.2.1.0 255.255.255.0 192.168.1.0 255.255.255.0
    (bound to crypto map)

    access-list nonat permit ip 10.2.1.0 255.255.255.0 10.1.1.0 255.255.255.0
    access-list nonat permit ip 10.2.1.0 255.255.255.0 192.168.1.0 255.255.255.0
    (bound to nat 0 statement)
    nat (inside) 0 access-list nonat

My config matches all the other configs I have done. I configured all my other 20 sites and this is exactly the same. The PIX will receive packets but not send them, and the 3020 will send but not receive. The 3020 will not even ping the inside of the PIX (management-access inside enabled) when it says the tunnel is up, and I can ping from the 192.168.1.X network....

Like I mentioned before, I have a network list in the 3020:

    10.1.1.0/0.0.0.255
    192.168.1.0/0.0.0.255

This same list supports my other sites but not this one. It is bound to this VPN and listed in the "local network" portion of the VPN in the 3020; the "remote network" portion contains 10.2.1.0 0.0.0.255. The remote network is flat with one firewall on it. Same network list as all the other working ones, same IKE proposal. The 3020 is running:

    ./VPN 3000 Concentrator Version 4.1.5.Rel Jun 18 2004 00:22:46

Anyway, I am ready to pull my hair out. I have done this a thousand times. Anyone know of a bug or something?

Thanks all
jspr