Re: VPN troubles [7:10714]

[Allen May]

OK I'll get the configs & forward in a bit.  But for now...the inside
interface has an IP on that subnet.  What would it take to get it to work
from the router itself?  It's got an outside IP going to the ISP and an
inside IP for a 10.43.2.0/24 network with a secondary IP on the inside
interface of 10.43.2.1.

I guess what I'm trying to say is...how DO you make it work then? ;)

Allen

----- Original Message -----
From: "G30RG3" 
To: 
Sent: Monday, July 02, 2001 7:53 PM
Subject: Re: VPN troubles [7:10714]


> The reason you cant ping from the router itself is that when you specified
> what traffic to encrypt and send to the tunnel  you  only specified the
> subnets behind the firewall and router.  If you try and ping the other
side
> it will not go through the tunnel because it is not a match on the
> access-list.  That is one of the reasons.  I cant say that is the only
> reason cuz I don't know what your configs look like.
>
> Hope that helps
>
> George, Head Janitor, CCNA CCDA
> Cisco Systems
>
> ""Allen May""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > I have an IPSec tunnel set up between PIX and a 2600 and it works
> perfectly
> > for clients end-to-end.  However, I can't ping across the VPN from pix
or
> > router.
> >
> > I suspect a routing issue.  When I try to add a route to tell it
anything
> > going to the other end should use that IP on that interface, it gives an
> > error saying invalid hop because it's on that router.
> >
> > Any ideas?
> >
> > A little info:
> > Remote network has 10.43.2.0/24 but gateway is a secondary IP on the
> > internal FastEthernet interface of a 2600.
> > Central network is 10.43.1.0/24 on a PIX 515.
> > Future networks will be on the 10.x.y.z network & centralize to the PIX
> > rack.
> >
> > The problem I'm trying to solve is making the remote routers
authenticate
> > over the VPN to TACACS+ for the enable password.  If I can't ping the
box
> > because it's trying to bo out the default route, it won't work.
> >
> > Allen




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=10813&t=10714
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]