[c-nsp] pix bizarre vpn issue
Alexandre Durand
alexandre.durand at thecloud.net
Wed Nov 22 06:28:30 EST 2006
Here is the config. If I do ping inside 194.42.124.34 from the PIX 501,
the VPN process starts, and from the other PIX I get the logs attached to
this email.
The thing is, I can't start the VPN process from the other PIX (515); if I
do ping dmz 10.5.245.9, I get:
%PIX-6-110001: No route to 10.5.245.9 from yy.yy.yy.60 (DMZ IP address
from the DMZ interface (yy.yy.yy.32/27))
Richard Golodner wrote:
> Alex, are you doing NAT anywhere inside DMZ?
> Richard
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Alexandre Durand
> Sent: Thursday, November 16, 2006 8:57 AM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] pix bizarre vpn issue
>
> Hi,
>
> I am establishing a VPN tunnel between two PIX (515 --> 501). If I
> configure the VPN tunnel with the encryption domain 10.5.10.0/24 ---
> 10.5.245.0/24, it works perfectly. However, if I use the encryption
> domain 194.42.../27 -- 10.5.245.0/24, it doesn't work! The 194.42.../27
> range belongs to a public network;
> in fact, 194.42.../27 is the DMZ.
>
> Can we establish a VPN tunnel with encryption domain public (DMZ) -- private?
>
> Alex
>
>
--
Alexandre Durand
Edge Network Engineer
A: The Cloud Networks Ltd
54 Bartholomew Close
EC1A 7RY
M: 0770 291 1805
W: www.thecloud.net
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: cisco-cnp
Url: https://puck.nether.net/pipermail/cisco-nsp/attachments/20061122/37094dbf/attachment.ksh
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: debug_pix
Url: https://puck.nether.net/pipermail/cisco-nsp/attachments/20061122/37094dbf/attachment-0001.ksh