IPSec through pix

Status
Not open for further replies.

DaHui

IS-IT--Management
Jan 12, 2004
6
US
Hello all -

I am trying to establish an IPsec connection between a MS 2k3 Server in my DMZ and a MS 2k3 Server on my inside network. I have tried the following setup with no success.

The inside net is 10.x.x.x and the DMZ is 172.16.1.x

static (inside,dmz) 10.0.0.0 10.0.0.0 netmask 255.0.0.0 0 0

access-list dmz permit ah host 172.16.1.171 host 10.13.1.2
access-list dmz permit esp host 172.16.1.171 host 10.13.1.2
access-list dmz permit udp host 172.16.1.171 host 10.13.1.2 eq isakmp
access-list dmz permit udp host 172.16.1.171 host 10.13.1.2 eq 88
access-list dmz permit tcp host 172.16.1.171 host 10.13.1.2 eq 88

What am I doing wrong? It appears as though my PIX is blocking IPsec traffic regardless of the ACLs.

Please Help.
Thanks in advance.
 
Try adding the following to the config:

sysopt connection permit-ipsec

-Steve
 
First of all thank you for replying.

I have this option on already for my VPN configuration.

Any other ideas?
 
DaHui,

Is the static line a typo? It should be:

static (inside,dmz) 172.16.1.0 10.0.0.0 netmask 255.0.0.0 0 0
 