Guys,
I've recently had to configure a series of VPN tunnels on my PIX 515 and have had mixed success. What I mean by mixed is the tunnel for one of my clients works perfectly. They connect to the PIX and can make use of the Terminal server in the DMZ.
The other client connects but their application times out while trying to connect to another server in my DMZ.
The problem I've got is with pings. I can't ping any of the remote devices, nor can they ping me. As mentioned already, the first tunnel works brilliantly. I've checked to see if the remote devices allow ICMP by pinging from an Internet-facing server and got a response, so I know they are not blocking this traffic.
I've also turned on ICMP trace debugging on my PIX but I'm not getting much info at all. It just tells me that they are not successful. I've also added an access-list to allow ICMP to and from any device but still no joy. Setting up a capture to filter ICMP traffic shows nothing for my VPN interfaces either.
I'm at a loss here. The client thinks there is a problem on my end and I have no way of proving or disproving this. Any ideas?