Thanks again for putting me on the right track.
According to Cisco inbound ICMP is not allowed by default.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml#topic2
I should be able to manage from here...
unclerico you're the man !
I've removed the access-group.
TCP access (tried SSH) is allowed indeed (if proper route is set on end device). Ping is not.
Now, how do I allow all traffic from jaap_lan to live_lan and vice versa?
OK so here's an update: In a desperate moment of "I don't know what else to do" I've changed the outside IPs of both the PIX (by resetting the cable modem) and the ASA (manually).
Also, I've updated the ASA's IOS and ASDM.
Here are both complete configs (wr t), public IPs obscured.
The tunnel...
will do so in about 3 hours from now. In the meantime I've copied a tunnelconfig from a customer (who has an asa5520) and will check all settings with my running conf.
Yes, that option is there:
sh sysopt
no sysopt connection timewait
sysopt connection tcpmss 1380
sysopt connection tcpmss minimum 0
no sysopt nodnsalias inbound
no sysopt nodnsalias outbound
no sysopt radius ignore-secret
no sysopt uauth allow-http-cache
sysopt connection permit-ipsec
no sysopt...
On the ASA I did a:
ping live 192.168.50.4
6 Jun 09 2009 11:23:41 110001 No route to 192.168.50.4 from 10.32.1.75
I think this is the main problem
I do have this route (as per your instructions):
S jaap_lan 255.255.255.0 [1/0] via xxx.xxx.195.75, outside
I don't know how valuable this info is, but I did debug icmp and packets:
jaappix501(config)# debug packet inside src 192.168.50.4 dst 10.32.1.75 proto $
jaappix501(config)# 11: ICMP echo-request from inside:192.168.50.4 to 10.32.1.75 ID=1024 seq=4101 length=40
--------- PACKET ---------
-- IP...
A ping from my host (pc) 192.168.50.4 shows this on the asa logs (which means traffic gets through the tunnel unnatted):
6 Jun 09 2009 10:53:17 302021 192.168.50.4 10.32.1.75 Teardown ICMP connection for faddr 192.168.50.4/1024 gaddr 10.32.1.75/0 laddr 10.32.1.75/0
6 Jun 09 2009 10:53:15...
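As an added example (not from this thread or from Cisco), here is a small Python parser for the ASDM-style log lines pasted above. It pulls the addresses out of the 110001 (no route) and 302021 (ICMP teardown) messages and checks every no-route destination against a list of CIDR routes, so it is easy to see which destinations the firewall had no path for. The sample lines and the route lists are constructed.

```python
import ipaddress
import re

# ASDM-style line as pasted in the thread: <sev> <Mon> <DD> <YYYY> <HH:MM:SS> <msgid> <text>
LINE_RE = re.compile(r"^(\d)\s+[A-Z][a-z]{2}\s+\d{1,2}\s+\d{4}\s+\d{2}:\d{2}:\d{2}\s+(\d{6})\s+(.+)$")
# 110001: the firewall had no route for the destination (what the thread's ping shows)
NO_ROUTE_RE = re.compile(r"No route to (?P<dst>[\d.]+) from (?P<src>[\d.]+)")
# 302021: ICMP connection torn down; faddr/laddr show the packet arrived unnatted
TEARDOWN_RE = re.compile(r"Teardown \w+ connection for faddr (?P<faddr>[\d.]+)/\d+ "
                         r"gaddr (?P<gaddr>[\d.]+)/\d+ laddr (?P<laddr>[\d.]+)/\d+")

def parse_line(line):
    """Return {'severity', 'msgid', 'text', 'addrs'} or None if the line is not in this format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sev, msgid, text = m.groups()
    addrs = {}
    if msgid == "110001" and (r := NO_ROUTE_RE.search(text)):
        addrs = r.groupdict()
    elif msgid == "302021" and (t := TEARDOWN_RE.search(text)):
        addrs = t.groupdict()
    return {"severity": int(sev), "msgid": msgid, "text": text, "addrs": addrs}

def unrouted_destinations(lines, routes):
    """Destinations from 110001 events that none of the CIDR strings in `routes` covers."""
    nets = [ipaddress.ip_network(r, strict=False) for r in routes]
    missing = set()
    for line in lines:
        ev = parse_line(line)
        if ev and ev["msgid"] == "110001" and "dst" in ev["addrs"]:
            dst = ipaddress.ip_address(ev["addrs"]["dst"])
            if not any(dst in n for n in nets):
                missing.add(str(dst))
    return missing

# Constructed sample: same shape as the two lines quoted in the thread
SAMPLE_LOG = [
    "6 Jun 09 2009 11:23:41 110001 No route to 192.168.50.4 from 10.32.1.75",
    "6 Jun 09 2009 10:53:17 302021 192.168.50.4 10.32.1.75 Teardown ICMP connection "
    "for faddr 192.168.50.4/1024 gaddr 10.32.1.75/0 laddr 10.32.1.75/0",
]

if __name__ == "__main__":
    # With only the local LAN routed the remote host is reported as unrouted;
    # once the remote LAN's /24 is in the list it is not.
    print(unrouted_destinations(SAMPLE_LOG, ["10.32.1.0/24"]))
    print(unrouted_destinations(SAMPLE_LOG, ["10.32.1.0/24", "192.168.50.0/24"]))
```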
Ah, forget about that traceroute, I'm connected through a backdoor (Cisco VPN client) to the test server and it probably found me through the default gateway.
I hadn't configured any hosts to use the ASA, so I picked a test server and added this route:
192.168.50.0 10.32.1.75 255.255.255.255 UGH 0 0 0 eth0
I can ping the ASA
PING 10.32.1.75 (10.32.1.75) 56(84) bytes of data
64 bytes from 10.32.1.75: icmp_seq=0 ttl=255...
The IP is more or less static, as long as the cable modem doesn't get a cold restart. I think the lease is very long and I've been using this IP for a long time.
Rebooted both devices.
No success...
Booting the pix will show :
Allocated IP address = xx.xx.9.85 netmask 255.255.248.0 gateway =...
Could the fact that the outside IP of the PIX is provided by my ISP (via DHCP) have anything to do with my routing problems?
I'm still thinking that the ASA is doing something wrong with the packets; after all, I can see my pings arriving on the ASA, but it's not returning them.
Sorry about last comment, missed yours there...
I added the reverse route on the ASA, and it shows as a static route (still no traffic though):
C xxx.xxx.195.64 255.255.255.192 is directly connected, outside
C 127.1.0.0 255.255.0.0 is directly connected, _internal_loopback
C live_lan...
jaappix501# sh crypto isakmp sa
Total : 1
Embryonic : 0
dst src state pending created
193.173.195.75 94.211.9.85 QM_IDLE 0 1
I think I did the previous sh crypto isakmp sa before the tunnel was fully up, tried it again...
Thanks for your quick response:
I've set up the tunnel with a ping from local lan 192.168.1.x
On the PIX:
###############
jaappix501# sh crypto isakmp sa
Total : 0
Embryonic : 0
dst src state pending created
jaappix501# sh crypto isakmp sa
Total ...
Hi gurus,
Been puzzling for a few days now, time to call in some support.
I've got the following network layout and want full traffic between the internal LANs:
192.168.50.0/24-pix501-xxx.xxx.9.85/20(dhcp) <- internet -> xxx.xxx.195.75-asa5505-10.32.10/24
my pix config ...