which leads me to wonder - when the numbers reach 9999, does it roll over to
0000? :->
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Kevin Wigle
Sent: Tuesday, July 03, 2001 8:58 AM
To: [EMAIL PROTECTED]
Subject: Re: VPN troubles [7:10714]
can't resist................
Hey Michael, that's some CCIE# you go there :-)
Kevin Wigle
----- Original Message -----
From: "Yonkerbonk"
To:
Sent: Tuesday, July 03, 2001 11:30 AM
Subject: Re: VPN troubles [7:10714]
> What you need to test with is do an extended ping.
> Type in ping ip and then enter. And then follow the
> prompts after that. It gives you the choice of picking
> which ip address the router will use as the source. By
> default is uses the interface the packet leaves from.
>
> Michael Le, CCIE #681
>
> --- Allen May wrote:
> > OK I'll get the configs & forward in a bit. But for
> > now...the inside
> > interface has an IP on that subnet. What would it
> > take to get it to work
> > from the router itself? It's got an outside IP
> > going to the ISP and an
> > inside IP for a 10.43.2.0/24 network with a
> > secondary IP on the inside
> > interface of 10.43.2.1.
> >
> > I guess what I'm trying to say is...how DO you make
> > it work then? ;)
> >
> > Allen
> >
> > ----- Original Message -----
> > From: "G30RG3"
> > To:
> > Sent: Monday, July 02, 2001 7:53 PM
> > Subject: Re: VPN troubles [7:10714]
> >
> >
> > > The reason you cant ping from the router itself is
> > that when you specified
> > > what traffic to encrypt and send to the tunnel
> > you only specified the
> > > subnets behind the firewall and router. If you
> > try and ping the other
> > side
> > > it will not go through the tunnel because it is
> > not a match on the
> > > access-list. That is one of the reasons. I cant
> > say that is the only
> > > reason cuz I don't know what your configs look
> > like.
> > >
> > > Hope that helps
> > >
> > > George, Head Janitor, CCNA CCDA
> > > Cisco Systems
> > >
> > > ""Allen May"" wrote in message
> > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > > I have an IPSec tunnel set up between PIX and a
> > 2600 and it works
> > > perfectly
> > > > for clients end-to-end. However, I can't ping
> > across the VPN from pix
> > or
> > > > router.
> > > >
> > > > I suspect a routing issue. When I try to add a
> > route to tell it
> > anything
> > > > going to the other end should use that IP on
> > that interface, it gives an
> > > > error saying invalid hop because it's on that
> > router.
> > > >
> > > > Any ideas?
> > > >
> > > > A little info:
> > > > Remote network has 10.43.2.0/24 but gateway is a
> > secondary IP on the
> > > > internal FastEthernet interface of a 2600.
> > > > Central network is 10.43.1.0/24 on a PIX 515.
> > > > Future networks will be on the 10.x.y.z network
> > & centralize to the PIX
> > > > rack.
> > > >
> > > > The problem I'm trying to solve is making the
> > remote routers
> > authenticate
> > > > over the VPN to TACACS+ for the enable password.
> > If I can't ping the
> > box
> > > > because it's trying to bo out the default route,
> > it won't work.
> > > >
> > > > Allen
> [EMAIL PROTECTED]
>
>
> __________________________________________________
> Do You Yahoo!?
> Get personalized email addresses from Yahoo! Mail
> http://personal.mail.yahoo.com/
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=10881&t=10714
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
