I'm moving a site to site VPN between 2 1841s, to between an 1841 and a PIX501. If there are any commands that need to be on the PIX so that it will bring up the tunnel, I would appreciate the help. Thannks.
What type of tunnel are you bringing up between the two? Is it pre-share keys or rsa certificates?
If its pre share key here are some examples...
(Change these access-lists to fit your networks)
access-list nonat permit ip 172.17.6.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list 100 permit ip 172.17.6.0 255.255.255.0 192.168.10.0 255.255.255.0
nat (vpn) 0 access-list nonat (Tells the PIX not to perform NAT on this access-list)
Excellent reply. Thanks much. The VPN is pre-shared key. We got the VPN up, but now the remote site (pix) users can't get their e-mail from the exchange server at the main site (1841). The users at the remote site can get to other server resources at the main site. The MIS guy turned off telnet & HTTP in the main site router this morning, so now I can't pull the config to show you what is on the router or the PIX. Thanks again.
Glad the VPN works. Now lets troubleshoot why you can't get to your email server when you can get to other resources. What type of clients are you using to access email? Is it OWA, Outlook or Outlook Express? Then take a look at the the access-lists on both the pix and the router. Last check the exchange server. You are now coming from another network address, does you email server know about the other network?
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.