[c-nsp] PIX VPN

Ahmad Cheikh-Moussa acm at netuse.de
Tue Apr 17 16:49:26 EDT 2007


Hi!

On Apr 13, 07, Ahmad Cheikh-Moussa wrote:
> Hi!
> 
> I have a general question about PIX and VPN.
> A customer has a PIX 506 with 6.3(5) and wants to establish
> a VPN tunnel. Normally no big thing, but he wants to terminate
> the VPN tunnel on the inside interface. Do not ask why.
> Actually he has some problem with the tunnel. He can see
> that the tunnel is established, but nothing goes through
> the tunnel. In the logs he finds the messages "no route
> to host". The PIX has no default route. It only has a route to
> get to the other VPN tunnel side.
> I think the problem will be the NAT exemption with nat 0.
> 
> So before I start the debugging. Normally there should
> be no problems terminating the VPN tunnel on the inside interface,
> right?
> Nat 0 should work on the inside interface too, right?

VPN Tunnel works now only in one direction. Everything which
comes through the tunnel works. When I try to start a session
from the other side, I cannot reach anything. The ACLs are
correct, the nat 0 list for inside is configured.
In the syslog I always see the message "no route to host".
I do not understand this.

Any ideas what this could be? I've checked the config
a thousand times, I checked the config with other PIX/VPN
configs where I terminate the tunnel at the outside interface
and cannot find anything.

Could it be that there is a built-in feature in the PIX OS that causes
this problem? Cisco?

Regards,
 Ahmad



-- 
Ahmad Cheikh-Moussa 
NetUSE AG
Dr.-Hell-Straße, 24107 Kiel, Germany
Phone: +49 431 2390 400 --  Fax: +49 431 2390 499
Service: Service at NetUSE.DE --  http://NetUSE.DE/

Executive Board: Andreas Seeger (Chair), Dr. Roland Kaltefleiter, Dr. Jörg Posewang
Supervisory Board: Detlev Hübner (Chair)
Registered office of the AG: Kiel, HRB 5358 VAT ID: DE156073942

The information contained in this message is confidential or protected by
law. Any unauthorised copying of this message or unauthorised distribution
of the information contained herein is prohibited.


