[c-nsp] problems passing traffic once VPNed

Josh Duffek consultantjd16 at ridemetro.org
Mon Mar 21 15:01:34 EST 2005


If it was me I would want to see:
Sh ver
Sh run
Debug cry engine
Debug cry ipsec
Debug cry isakmp
(then vpn in)
sh cry ipsec sa
sh cry isakmp sa

Ethereal prolly won't help us here...sounds like the tunnels are
misconfigged a little or just not getting built properly for some
reason.

Thanks,

josh duffek    network engineer
consultantjd16 at ridemetro.org

> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Ivan Lopez
> Sent: Monday, March 21, 2005 1:50 PM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] problems passing traffic once VPNed
> 
> I added isakmp nat-traversal, same results. Can both firewalls have the
> same. When I analyze the statistics on my VPN client it
> shows some packets going out but none inbound. Can Ethereal be useful in
> troubleshooting this? I am constantly checking logs in the firewall to
> see if something comes up. Any type of logging I should have set up on the
> Firewall to capture this?
> 
> 
> Any ideas?
> 
> thanks,
> -Ivan
>
> Ivan
> 
> You may want to try looking at
> 
> 	isakmp nat-traversal
> 
> A quick search on cisco.com should give you enough information to
> figure out if this is your problem and whether or not it is supported
> on your PIX software version.
> 
> Regards
> 
> 	Peter Walker
> 
> --On 18 March 2005 20:01 -0500 Ivan Lopez <ilopez02 at earthlink.net>
> wrote:
> 
> > I am very new in VPNs, and I inherited 2 pix firewalls in
> > different locations, location (pix)A and location (pix)B.
> >
> > I can VPN into them individually using Cisco VPN client from home
> > using a simple broadband connection without any problems reaching
> > the desired traffic. However, using the same VPN client when I do
> > VPN from behind the pix in location A to (pix) location B, I can
> > connect but then I cannot pass any traffic or get anywhere at all.
> > Both PIXes have similar VPN related set ups. Anyone out there
> > that has a clue of what I am missing, I would sure appreciate any
> > suggestions.
> >
> >
> > thanks
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
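
An added example, not part of the original thread: one way to read the per-SA packet counters in the `sh cry ipsec sa` output requested above, for the symptom reported in the thread (packets going out, none inbound). The sample output is constructed in the style of PIX output with documentation addresses, and the function name `ipsec_sa_health` is hypothetical.

```python
import re

# Constructed sample in the style of PIX "show crypto ipsec sa" output.
# Addresses are documentation ranges; counters are made up.
SAMPLE = """\
interface: outside
    Crypto map tag: vpnmap, local addr. 192.0.2.1

   local  ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
   remote ident (addr/mask/prot/port): (10.9.9.10/255.255.255.255/0/0)
   current_peer: 198.51.100.7:4500
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest 0
    #pkts decaps: 37, #pkts decrypt: 37, #pkts verify 37

   local  ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
   remote ident (addr/mask/prot/port): (10.9.9.11/255.255.255.255/0/0)
   current_peer: 203.0.113.20:500
    #pkts encaps: 12, #pkts encrypt: 12, #pkts digest 12
    #pkts decaps: 15, #pkts decrypt: 15, #pkts verify 15
"""

COUNT = re.compile(r"#pkts (encaps|decaps):\s*(\d+)")


def ipsec_sa_health(text):
    """Return [(peer, encaps, decaps, verdict)] for each SA in the output.

    encaps = packets this device encrypted and sent to the peer,
    decaps = packets it received from the peer and decrypted.
    """
    results = []
    # Each SA's counters follow its current_peer line.
    for block in text.split("current_peer:")[1:]:
        peer = block.split()[0]
        counts = {name: int(value) for name, value in COUNT.findall(block)}
        enc, dec = counts.get("encaps", 0), counts.get("decaps", 0)
        if enc and dec:
            verdict = "two-way"
        elif dec:
            verdict = "inbound only"    # peer's packets arrive, nothing is sent back
        elif enc:
            verdict = "outbound only"   # device sends, nothing arrives from the peer
        else:
            verdict = "no traffic"      # SA exists but no packets match it
        results.append((peer, enc, dec, verdict))
    return results


if __name__ == "__main__":
    for row in ipsec_sa_health(SAMPLE):
        print("%-22s encaps=%-5d decaps=%-5d %s" % row)
```

Capturing the output twice, a minute apart while the client sends traffic, shows which counter is not incrementing.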
