[c-nsp] Pix to Pix IPSEC
Laurent Geyer
lgeyer at 085zehn.com
Mon Jun 5 19:23:45 EDT 2006
On 6/5/06, Voll, Scott <Scott.Voll at wesd.org> wrote:
>
> I've set up a Pix to Pix - LAN to LAN IPSec tunnel between two sites. I
> know the tunnel is up and I can Telnet to devices on the remote site but
> ICMP traffic is not going through. I can see ICMP traffic hitting the
> ACL but I'm not getting any replies. What could be the cause of this?
Could be caused by using layer 4 operators on the match-address access-lists
that define interesting VPN tunnel traffic. The access-list should be layer
3 only.
Example:
access-list 101 permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
- Laurent
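
The check suggested in the reply above, as an added example that is not part of the original post: a Python script that finds the access-lists referenced by `crypto map ... match address` in a PIX configuration and flags entries that use a protocol other than `ip` or a port operator. The configuration text, ACL names and the function name are constructed for illustration.

```python
import re

# Constructed sample PIX configuration (not taken from the original post).
SAMPLE_CONFIG = """\
access-list 101 permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list 102 permit tcp 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0 eq telnet
access-list 102 permit icmp 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list outside_in permit tcp any host 10.0.0.5 eq www
crypto map vpn 10 match address 101
crypto map vpn 20 match address 102
"""

PORT_OPERATORS = {"eq", "neq", "gt", "lt", "range"}
CRYPTO_RE = re.compile(r"^crypto map \S+ \d+ match address (\S+)")
ACL_RE = re.compile(r"^access-list (\S+) (?:extended )?(?:permit|deny) (\S+)(.*)$")


def find_non_l3_crypto_acls(config):
    """Return (acl_name, line, reason) for each entry of an ACL used as a
    crypto map match-address list that is not a plain layer 3 'ip' entry."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    # Pass 1: collect the ACL names that define interesting VPN traffic.
    crypto_acls = set()
    for ln in lines:
        m = CRYPTO_RE.match(ln)
        if m:
            crypto_acls.add(m.group(1))
    # Pass 2: inspect only those ACLs; interface ACLs may use layer 4 freely.
    findings = []
    for ln in lines:
        m = ACL_RE.match(ln)
        if not m or m.group(1) not in crypto_acls:
            continue
        name, protocol, rest = m.group(1), m.group(2), m.group(3).split()
        reasons = []
        if protocol != "ip":
            reasons.append(f"protocol '{protocol}' instead of 'ip'")
        ops = sorted(PORT_OPERATORS.intersection(rest))
        if ops:
            reasons.append("port operator " + ", ".join(ops))
        if reasons:
            findings.append((name, ln, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for name, line, reason in find_non_l3_crypto_acls(SAMPLE_CONFIG):
        print(f"ACL {name}: {reason}\n    {line}")
```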