I can ping... but that's all

lhatwwp

Oct 23, 2007
Hello,

I have created a tunnel between two sites and I can ping from one end of the tunnel to the other... but that's all I can do. I want to be able to allow remote connections through RDP and PC Anywhere. I tried to enable this but it just doesn't work. Can anyone suggest what the problem is with my config?

Code:
interface Ethernet0/1
 nameif SCADA
 security-level 100
 ip address 10.10.10.244 255.0.0.0 
!
interface Ethernet0/2
 nameif OUTSIDE
 security-level 0
 ip address 209.54.X.X 255.255.255.248

access-list SCADAtoOUTSIDE extended permit ip host 10.10.10.243 192.168.9.0 255.255.255.0 
access-list SCADAtoOUTSIDE extended permit icmp host 10.10.10.243 192.168.9.0 255.255.255.0 

access-list 100 extended permit ip host 192.168.40.243 host 192.168.9.10 
access-list 100 extended permit ip host 192.168.40.243 host 192.168.9.11 

access-list acl_out extended permit ip host 192.168.9.11 host 192.168.40.243 
access-list acl_out extended permit ip host 192.168.9.10 host 192.168.40.243 

access-list 104 extended permit tcp host 192.168.40.243 host 192.168.9.10 eq 3389 
access-list 104 extended permit tcp host 192.168.40.243 host 192.168.9.11 eq 3389 
access-list 104 extended permit tcp host 192.168.40.243 host 192.168.9.10 eq pcanywhere-data 
access-list 104 extended permit tcp host 192.168.40.243 host 192.168.9.11 eq pcanywhere-data 
access-list 104 extended permit icmp host 192.168.40.243 host 192.168.9.10 
access-list 104 extended permit icmp host 192.168.40.243 host 192.168.9.11 

global (OUTSIDE) 1 interface
nat (SCADA) 0 access-list 100
nat (SCADA) 1 10.10.10.0 255.255.255.0

static (SCADA,OUTSIDE) 192.168.40.243 10.10.10.243 netmask 255.255.255.255 

access-group SCADAtoOUTSIDE in interface SCADA
access-group acl_out in interface OUTSIDE
route OUTSIDE 0.0.0.0 0.0.0.0 209.54.X.X 1
 
If you ping from one LAN to the other and debug crypto isa and debug crypto ipsec, what does the output tell us? Could you post it?

Without the VPN configs from each end it is hard to tell, but if you cannot ping from LAN IP to LAN IP, the tunnel is not configured correctly.
 