The reason you can't ping from the router itself is that when you specified
what traffic to encrypt and send to the tunnel you only specified the
subnets behind the firewall and router.  If you try and ping the other side
it will not go through the tunnel because it is not a match on the
access-list.  That is one of the reasons.  I can't say that is the only
reason cuz I don't know what your configs look like.

Hope that helps

George, Head Janitor, CCNA CCDA
Cisco Systems

"Allen May" wrote in message news:[EMAIL PROTECTED]...
> I have an IPSec tunnel set up between PIX and a 2600 and it works
> perfectly for clients end-to-end.  However, I can't ping across the VPN
> from pix or router.
>
> I suspect a routing issue.  When I try to add a route to tell it anything
> going to the other end should use that IP on that interface, it gives an
> error saying invalid hop because it's on that router.
>
> Any ideas?
>
> A little info:
> Remote network has 10.43.2.0/24 but gateway is a secondary IP on the
> internal FastEthernet interface of a 2600.
> Central network is 10.43.1.0/24 on a PIX 515.
> Future networks will be on the 10.x.y.z network & centralize to the PIX
> rack.
>
> The problem I'm trying to solve is making the remote routers authenticate
> over the VPN to TACACS+ for the enable password.  If I can't ping the box
> because it's trying to go out the default route, it won't work.
>
> Allen
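
The access-list match described in the reply, modelled as an added example (not code or configuration from either poster): a crypto ACL that names only the two LAN subnets is checked against client traffic and against router-originated traffic, which by default carries the address of the outgoing interface as its source. The ACL line is constructed from the subnets in the thread; the WAN, LAN, client and server addresses are assumptions chosen for illustration.

```python
import ipaddress

def _net(addr, wildcard):
    # IOS wildcard mask -> netmask by inverting the bits
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.IPv4Network(f"{addr}/{mask}")

def parse_acl(lines):
    """Parse 'permit ip <src> <wildcard> <dst> <wildcard>' entries."""
    entries = []
    for line in lines:
        tok = line.split()
        if tok[:2] != ["permit", "ip"] or len(tok) != 6:
            raise ValueError(f"unsupported ACL line: {line!r}")
        entries.append((_net(tok[2], tok[3]), _net(tok[4], tok[5])))
    return entries

def is_encrypted(acl, src, dst):
    """True when the packet matches the crypto ACL and so enters the tunnel."""
    s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    return any(s in src_net and d in dst_net for src_net, dst_net in acl)

# Constructed crypto ACL on the 2600: remote LAN -> central LAN only
ROUTER_ACL = parse_acl(["permit ip 10.43.2.0 0.0.0.255 10.43.1.0 0.0.0.255"])

# Constructed addresses (assumptions, not from the thread)
WAN_IP = "192.0.2.2"    # router outside interface, documentation range
LAN_IP = "10.43.2.1"    # router address inside the remote subnet
CLIENT = "10.43.2.50"   # host behind the router
SERVER = "10.43.1.10"   # e.g. the TACACS+ server behind the PIX

def report():
    return {
        "client -> server": is_encrypted(ROUTER_ACL, CLIENT, SERVER),
        "router, WAN source -> server": is_encrypted(ROUTER_ACL, WAN_IP, SERVER),
        "router, LAN source -> server": is_encrypted(ROUTER_ACL, LAN_IP, SERVER),
    }

if __name__ == "__main__":
    for flow, enc in report().items():
        print(f"{flow:30} {'tunnel' if enc else 'no match, follows default route'}")
```

Only the flow sourced from the WAN address misses the ACL, which is why router-originated pings and TACACS+ requests need a source address inside 10.43.2.0/24 (for example via an extended ping or `ip tacacs source-interface`) to be carried by the tunnel.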




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=10731&t=10714