Access List help

Status
Not open for further replies.

daidem77

MIS
Nov 30, 2005
43
CA
I was finally able to get an IPsec site-to-site VPN up with our branch office. I can ping devices attached to the branch office, but the branch office can't ping devices on the head office network.

Head Office
888.888.888.888 (outside)
172.20.0.0 255.255.0.0

Branch Office
777.777.777.777 (outside)
172.21.0.0 (inside)

How can I allow the branch office computers to ping the head office network? Sorry, I am new to PIX and Cisco. I can ping the branch office.
 
I have a similar setup where I have four site-to-site VPNs using 1750s connecting back to a 506. All thanks to the geniuses that haunt this forum. While I am not new to this, I am still a friggin' rookie at it.

If you post your inbound and outbound access-list for each device and their full inside and outside ip addresses (suitably disguised of course)

i.e.:

Code:
ip address outside 888.888.888.888 255.255.255.240
ip address inside 172.20.0.0 255.255.0.0

all can take a look and see.

You can even post the entire configs with the pertinent IPs and/or other info disguised and the wonderful people on this board will probably help. They are saints and do noble work when you have an interesting question AND enough info for them to troubleshoot. Heck, I'll even try!

 
Here are the access-lists. I still can't ping the inside LAN for both sites. The IKE phases go through and establish a connection. I have tried everything possible, wish someone can help me. I am using a pix 50e and Linksys router on the other site.

access-list crypto1 permit ip 172.20.0.0 255.255.0.0 172.21.0.0 255.255.0.0
access-list outside_cryptomap_30 permit ip 172.20.0.0 255.255.0.0 172.21.0.0 255.255.0.0

ip address outside xx.xx.23.88 255.255.255.248
ip address inside 172.20.2.3 255.255.0.0

global (outside) 1 interface
nat (inside) 0 access-list crypto1
nat (inside) 1 172.20.0.0 255.255.0.0 0 0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 xx.xx.23.87 1

crypto map pix1map 10 match address outside_cryptomap_30

 