I am configuring a site-to-site VPN tunnel.
my internal host----->cisco3550switch------>cisco 6506 switch------>cisco 3640 router------>My Pix 515e
------>internet------->Cisco Access Concentrator at remote vendor site.
I have configured the tunnel as such:
isakmp policy 5 authentication pre-share
isakmp policy 5 encryption des
isakmp policy 5 hash md5
isakmp policy 5 group 2
isakmp policy 5 lifetime 86400
isakmp key S3argent address 212.159.204.78 netmask 255.255.255.255
access-list to-phillips permit ip host local host ip remote host ip 255.255.252.0
access-list to-phillips permit ip host local host ip remote host ip 255.255.252.0
access-list to-phillips permit ip host local host ip remote host ip 255.255.252.0
crypto ipsec transform-set Phillips esp-3des esp-md5-hmac
crypto map partner-map 1 ipsec-isakmp
crypto map partner-map 1 match address to-phillips
crypto map partner-map 1 set peer 212.159.204.78
crypto map partner-map 1 set transform-set Phillips
crypto map partner-map interface outside
I have also added a route statement in the 3640: ip route 192.68.48.0 255.255.252 the local address to my PIX. The 3640 knows that in order to get to the remote site it has to go through the PIX.
The tunnel comes up but no data passes through it. I cannot ping them and they cannot ping me.
For testing purposes I did add the line "access-list to-phillips permit icmp any any" and we were unable to get it to pass traffic.
Do I need to add any kind of route statement in my PIX to tell it that any traffic destined to the remote site needs to go through the VPN tunnel? How do I do that if I need to?
What am I missing? Help
Steven Johnson Network Administrator Brooks Memorial Hospital