OK, I have two PIX 515Es and I am trying to create a site-to-site VPN. I seem to have the VPN connection up and running and I can even ping hosts on the other side. The problem that I have is that's all I can do. I figured if I could ping them I should be able to connect to them, but I can't. I tried to terminal service to one of my servers and it won't make a connection.
Here is the config that I put in...what am I doing wrong?
PIX 1
isakmp enable outside
isakmp policy 9 authentication pre-share
isakmp policy 9 encrypt 3des
crypto isakmp key xxxxxx address 66.xxx.xxx.5
crypto ipsec transform-set strong esp-3des esp-sha-hmac
access-list 90 permit ip 10.25.0.0 255.255.0.0 192.168.0.0 255.255.255.0
access-list 90 permit ip 172.25.0.0 255.255.254.0 192.168.0.0 255.255.255.0
access-list 90 permit ip 172.16.88.0 255.255.254.0 192.168.0.0 255.255.255.0
access-list 90 permit ip 172.25.2.0 255.255.254.0 192.168.0.0 255.255.255.0
nat 0 access-list 90
crypto map PIX 2 20 ipsec-isakmp
crypto map PIX 2 20 match address 90
crypto map PIX 2 20 set transform-set strong
crypto map PIX 2 20 set peer 66.xxx.xxx.5
crypto map PIX 2 interface outside
sysopt connection permit-ipsec
PIX 2
isakmp enable outside
isakmp policy 9 authentication pre-share
isakmp policy 9 encrypt 3des
crypto isakmp key xxxxxx address 63.xxx.xxx.77
crypto ipsec transform-set strong esp-3des esp-sha-hmac
access-list 90 permit ip 192.168.0.0 255.255.255.0 10.25.0.0 255.255.0.0
access-list 90 permit ip 192.168.0.0 255.255.255.0 172.25.0.0 255.255.254.0
access-list 90 permit ip 192.168.0.0 255.255.255.0 172.25.2.0 255.255.254.0
nat 0 access-list 90
crypto map PIX 1 20 ipsec-isakmp
crypto map PIX 1 20 match address 90
crypto map PIX 1 20 set transform-set strong
crypto map PIX 1 20 set peer 63.xxx.xxx.77
crypto map PIX 1 interface outside
sysopt connection permit-ipsec
So far this allows me to ping from the 192. network to the 172.25's and the 10. network. But I am unable to terminal service to a server in the 172.25 network.
Why??????
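
An added example, not part of the original post: a Python check that the two `access-list 90` definitions are mirror images of each other, which IPsec peers expect of their crypto ACLs. The function names are hypothetical; the ACL lines are copied from the configs above.

```python
import ipaddress

# Crypto ACL entries copied from the two configs in the post above.
PIX1_ACL = """\
access-list 90 permit ip 10.25.0.0 255.255.0.0 192.168.0.0 255.255.255.0
access-list 90 permit ip 172.25.0.0 255.255.254.0 192.168.0.0 255.255.255.0
access-list 90 permit ip 172.16.88.0 255.255.254.0 192.168.0.0 255.255.255.0
access-list 90 permit ip 172.25.2.0 255.255.254.0 192.168.0.0 255.255.255.0
"""
PIX2_ACL = """\
access-list 90 permit ip 192.168.0.0 255.255.255.0 10.25.0.0 255.255.0.0
access-list 90 permit ip 192.168.0.0 255.255.255.0 172.25.0.0 255.255.254.0
access-list 90 permit ip 192.168.0.0 255.255.255.0 172.25.2.0 255.255.254.0
"""


def parse_acl(text):
    """Return the set of (source, destination) networks from 'permit ip' lines."""
    pairs = set()
    for line in text.splitlines():
        f = line.split()
        # Expected shape: access-list <id> permit ip <src> <mask> <dst> <mask>
        if len(f) != 8 or f[0] != "access-list" or f[2:4] != ["permit", "ip"]:
            continue
        src = ipaddress.ip_network(f"{f[4]}/{f[5]}", strict=False)
        dst = ipaddress.ip_network(f"{f[6]}/{f[7]}", strict=False)
        pairs.add((src, dst))
    return pairs


def unmirrored(local_text, remote_text):
    """Local entries that have no swapped src/dst counterpart on the remote peer."""
    remote = parse_acl(remote_text)
    return sorted((s, d) for s, d in parse_acl(local_text) if (d, s) not in remote)


if __name__ == "__main__":
    for name, a, b in (("PIX 1", PIX1_ACL, PIX2_ACL), ("PIX 2", PIX2_ACL, PIX1_ACL)):
        for src, dst in unmirrored(a, b):
            print(f"{name}: {src} -> {dst} has no mirror entry on the peer")
```

Run against the posted configs, it reports the PIX 1 entry for 172.16.88.0 255.255.254.0, which has no matching line on PIX 2.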