Pix 501 to 506 VPN

I am creating a site to site VPN from a pix 501 with an outside address of 24.173.110.82 and an inside network of 192.168.1.0/24 to a pix 506 with an outside address of 207.200.35.62 and an inside network of 10.0.0.0/24. I am not very familiar with pix firewalls but have set up a few pix vpns in the past. This time I just followed the step by step instructions on the cisco site but I am not able to get any traffic across the vpn. Thanks in advance.

PIX 506

interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password **********
passwd *********
hostname *******
domain-name *******
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name 10.0.0.0 Level0
name 10.1.0.0 level1
name 10.2.0.0 level2
name 10.2.1.0 CityOf
access-list out_in permit icmp any any echo-reply
access-list out_in permit icmp any any time-exceeded
access-list out_in permit icmp any any unreachable
access-list in_out permit tcp Level0 255.255.255.0 any eq www
access-list in_out permit tcp Level0 255.255.255.0 any eq domain
access-list 80 permit ip Level0 255.255.255.0 192.168.1.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 207.200.35.62 255.255.255.240
ip address inside 10.0.0.254 255.255.255.0
ip audit info action drop
ip audit attack action drop
pdm location 10.0.0.11 255.255.255.255 inside
pdm location 10.0.0.12 255.255.255.255 inside
pdm history enable
arp timeout 14400
global (outside) 1 207.200.35.61 netmask 255.255.255.240
nat (inside) 0 access-list 80
nat (inside) 1 Level0 255.255.255.0 0 0
static (inside,outside) Level0 Level0 netmask 255.255.255.0 0 0
access-group out_in in interface outside
route outside 0.0.0.0 0.0.0.0 207.200.35.49 1
timeout xlate 5:00:00
timeout conn 2:30:00 half-closed 0:10:00 udp 2:30:00 rpc 2:30:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 10.0.0.1 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set strong esp-3des esp-sha-hmac
crypto map City 10 ipsec-isakmp
crypto map City 10 match address 80
crypto map City 10 set peer 24.173.110.82
crypto map City 10 set transform-set strong
crypto map City interface outside
isakmp enable outside
isakmp key ******** address 24.173.110.82 netmask 255.255.255.255
isakmp policy 8 authentication pre-share
isakmp policy 8 encryption 3des
isakmp policy 8 hash sha
isakmp policy 8 group 1
isakmp policy 8 lifetime 86400
ssh timeout 5

Pix 501

PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password **********
passwd **********
hostname hutfw
domain-name ********
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list outside permit icmp any any
access-list outside permit tcp any host 192.168.1.3 eq 3389
access-list outside permit tcp any host 24.173.110.82 eq 3389
access-list outside permit tcp any host 192.168.1.99 eq 3390
access-list outside permit tcp any host 24.173.110.82 eq 3390
access-list 90 permit ip 192.168.1.0 255.255.255.0 10.0.0.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 24.173.110.82 255.255.255.252
ip address inside 192.168.1.1 255.255.255.0
ip audit info action drop
ip audit attack action drop
pdm location 192.168.1.3 255.255.255.255 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list 90
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group outside in interface outside
route outside 0.0.0.0 0.0.0.0 24.173.110.81 1
timeout xlate 5:00:00
timeout conn 2:30:00 half-closed 0:10:00 udp 2:30:00 rpc 2:30:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:00:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set strong esp-des esp-sha-hmac
crypto map toMITIS 20 ipsec-isakmp
crypto map toMITIS 20 match address 90
crypto map toMITIS 20 set peer 207.200.35.62
crypto map toMITIS 20 set transform-set strong
crypto map toMITIS interface outside
isakmp enable outside
isakmp key ******** address 207.200.35.62 netmask 255.255.255.255
isakmp policy 9 authentication pre-share
isakmp policy 9 encryption des
isakmp policy 9 hash sha
isakmp policy 9 group 1
isakmp policy 9 lifetime 86400
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
console timeout 0
terminal width 80
Reply to
Timid K

Do not use the same ACL for two different purposes. In some cases it is certain to fail due to the PIX design, and in other cases there are PIX 6.x bugs that lead to failures. Safest just to never do it at all.

Reply to
Walter Roberson

ok, I created a second access list on each firewall with the same info in it and used it for the crypto map address. I am still not able to get any traffic through. Any other ideas? Thanks

Reply to
Timid K

Your transform sets don't match between the two -- 3DES on one side, DES on the other.

Also, my memory is that SHA is not supported with single-DES in 6.3. I cannot find any documentation of that point at the moment.

Reply to
Walter Roberson
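The two problems raised in this thread (one ACL shared by nat 0 and the crypto map, and transform sets that differ between peers) can be caught before the tunnel is ever brought up by diffing the two configs. The following checker is an added example, not code from the thread; it parses constructed excerpts of the two PIX 6.x configs posted above (the 506's `Level0` name resolved to 10.0.0.0, keys omitted) and reports both mismatches, so both replies are covered by this one block.

```python
# Constructed excerpts of the two configs posted above ('Level0' resolved to 10.0.0.0, keys omitted).
PIX506 = """
access-list 80 permit ip 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list 80
crypto ipsec transform-set strong esp-3des esp-sha-hmac
crypto map City 10 match address 80
crypto map City 10 set transform-set strong
isakmp policy 8 encryption 3des
isakmp policy 8 hash sha
"""
PIX501 = """
access-list 90 permit ip 192.168.1.0 255.255.255.0 10.0.0.0 255.255.255.0
nat (inside) 0 access-list 90
crypto ipsec transform-set strong esp-des esp-sha-hmac
crypto map toMITIS 20 match address 90
crypto map toMITIS 20 set transform-set strong
isakmp policy 9 encryption des
isakmp policy 9 hash sha
"""
def parse(cfg):
    """Return the transform-set the crypto map uses, ISAKMP encryption/hash, and ACLs shared by nat 0 and the crypto map."""
    tsets, nat0, crypto, used, ike = {}, set(), set(), None, {}
    for line in cfg.splitlines():
        t = line.split()
        if len(t) < 5:
            continue
        if t[:3] == ["crypto", "ipsec", "transform-set"]:
            tsets[t[3]] = tuple(t[4:])          # name -> (cipher, integrity)
        elif t[:4] == ["nat", "(inside)", "0", "access-list"]:
            nat0.add(t[4])                       # NAT-exemption ACL
        elif t[:2] == ["crypto", "map"] and len(t) > 6:
            if t[4:6] == ["match", "address"]:
                crypto.add(t[6])                 # crypto (interesting traffic) ACL
            elif t[4:6] == ["set", "transform-set"]:
                used = t[6]
        elif t[:2] == ["isakmp", "policy"] and t[3] in ("encryption", "hash"):
            ike[t[3]] = t[4]
    return {"transform": tsets.get(used), "ike": ike, "acl_reuse": nat0 & crypto}

def findings(a, b):
    """List the mismatches between two parsed peers that would stop the tunnel."""
    out = []
    if a["transform"] != b["transform"]:
        out.append("transform-set mismatch: %s vs %s" % (a["transform"], b["transform"]))
    for k in ("encryption", "hash"):
        if a["ike"].get(k) != b["ike"].get(k):
            out.append("isakmp %s mismatch: %s vs %s" % (k, a["ike"].get(k), b["ike"].get(k)))
    for side, p in (("506", a), ("501", b)):
        out += ["%s: ACL %s used by both nat 0 and crypto map" % (side, x) for x in sorted(p["acl_reuse"])]
    return out
```

Running `findings(parse(PIX506), parse(PIX501))` on the excerpts above lists the 3DES/DES transform-set and ISAKMP encryption mismatches plus the shared ACL on each side; the SHA hash setting matches and is not reported.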

Thank you very much for all your help, I switched it to MD5 and everything worked.

Reply to
Timid K

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.