you're a router guy. signatures are sys admin problems ;->
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Yonkerbonk
Sent: Tuesday, July 03, 2001 11:58 AM
To: [EMAIL PROTECTED]
Subject: Re: VPN troubles [7:10714]
That's what I get for not creating a signature.
Michael
--- Kevin Wigle wrote:
> can't resist................
>
> Hey Michael, that's some CCIE# you go there :-)
>
> Kevin Wigle
>
> ----- Original Message -----
> From: "Yonkerbonk"
> To:
> Sent: Tuesday, July 03, 2001 11:30 AM
> Subject: Re: VPN troubles [7:10714]
>
>
> > What you need to test with is do an extended ping.
> > Type in ping ip and then enter. And then follow
> the
> > prompts after that. It gives you the choice of
> picking
> > which ip address the router will use as the
> source. By
> > default is uses the interface the packet leaves
> from.
> >
> > Michael Le, CCIE #681
> >
> > --- Allen May wrote:
> > > OK I'll get the configs & forward in a bit. But
> for
> > > now...the inside
> > > interface has an IP on that subnet. What would
> it
> > > take to get it to work
> > > from the router itself? It's got an outside IP
> > > going to the ISP and an
> > > inside IP for a 10.43.2.0/24 network with a
> > > secondary IP on the inside
> > > interface of 10.43.2.1.
> > >
> > > I guess what I'm trying to say is...how DO you
> make
> > > it work then? ;)
> > >
> > > Allen
> > >
> > > ----- Original Message -----
> > > From: "G30RG3"
> > > To:
> > > Sent: Monday, July 02, 2001 7:53 PM
> > > Subject: Re: VPN troubles [7:10714]
> > >
> > >
> > > > The reason you cant ping from the router
> itself is
> > > that when you specified
> > > > what traffic to encrypt and send to the tunnel
> > > you only specified the
> > > > subnets behind the firewall and router. If
> you
> > > try and ping the other
> > > side
> > > > it will not go through the tunnel because it
> is
> > > not a match on the
> > > > access-list. That is one of the reasons. I
> cant
> > > say that is the only
> > > > reason cuz I don't know what your configs look
> > > like.
> > > >
> > > > Hope that helps
> > > >
> > > > George, Head Janitor, CCNA CCDA
> > > > Cisco Systems
> > > >
> > > > ""Allen May"" wrote in message
> > > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > > > I have an IPSec tunnel set up between PIX
> and a
> > > 2600 and it works
> > > > perfectly
> > > > > for clients end-to-end. However, I can't
> ping
> > > across the VPN from pix
> > > or
> > > > > router.
> > > > >
> > > > > I suspect a routing issue. When I try to
> add a
> > > route to tell it
> > > anything
> > > > > going to the other end should use that IP on
> > > that interface, it gives an
> > > > > error saying invalid hop because it's on
> that
> > > router.
> > > > >
> > > > > Any ideas?
> > > > >
> > > > > A little info:
> > > > > Remote network has 10.43.2.0/24 but gateway
> is a
> > > secondary IP on the
> > > > > internal FastEthernet interface of a 2600.
> > > > > Central network is 10.43.1.0/24 on a PIX
> 515.
> > > > > Future networks will be on the 10.x.y.z
> network
> > > & centralize to the PIX
> > > > > rack.
> > > > >
> > > > > The problem I'm trying to solve is making
> the
> > > remote routers
> > > authenticate
> > > > > over the VPN to TACACS+ for the enable
> password.
> > > If I can't ping the
> > > box
> > > > > because it's trying to bo out the default
> route,
> > > it won't work.
> > > > >
> > > > > Allen
> > [EMAIL PROTECTED]
> >
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Get personalized email addresses from Yahoo! Mail
> > http://personal.mail.yahoo.com/
> [EMAIL PROTECTED]
>
__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail
http://personal.mail.yahoo.com/
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=10882&t=10714
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
