
No traffic through VPN tunnel

Status
Not open for further replies.

DocHolden

MIS
Jun 25, 2002
48
US
I have a tunnel established between a PIX 515E and a Netgear FVS338. The tunnel shows established on both ends but I can get no traffic to pass through the tunnel. Below is my config off the PIX. Any help would be great.

Thanks


PIX Version 7.0(1)
names
!
interface Ethernet0
 nameif outside
 security-level 0
 ip address XX.XX.XX.XX 255.255.255.0
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 10.10.0.1 255.255.0.0
!
interface Ethernet2
 nameif dmz
 security-level 50
 ip address 192.168.0.1 255.255.255.0
!
interface Ethernet3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet5
 shutdown
 no nameif
 no security-level
 no ip address
!
enable password XXXXXXXX encrypted
passwd XXXXXXXX encrypted
hostname snoopy
domain-name corp.tangeroutlet.com
ftp mode passive
access-list inside_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 10.80.0.0 255.255.0.0
access-list outside_cryptomap_70 extended permit ip 10.10.0.0 255.255.0.0 10.80.0.0 255.255.0.0
access-list inside_access_in extended permit ip any any
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu dmz 1500
no failover
monitor-interface outside
monitor-interface inside
monitor-interface dmz
asdm image flash:/pdm
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 XX.XX.XX.XX 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 10.10.0.0 255.255.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp
crypto ipsec transform-set STRONG esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto map VPN_MAP 70 match address outside_cryptomap_70
crypto map VPN_MAP 70 set pfs
crypto map VPN_MAP 70 set peer XX.XX.XX.XX
crypto map VPN_MAP 70 set transform-set STRONG ESP-DES-SHA ESP-3DES-SHA ESP-AES-128-SHA ESP-AES-192-SHA ESP-AES-256-SHA
crypto map VPN_MAP interface outside
isakmp identity address
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp policy 150 authentication pre-share
isakmp policy 150 encryption aes
isakmp policy 150 hash sha
isakmp policy 150 group 2
isakmp policy 150 lifetime 86400
telnet timeout 5
ssh 10.10.0.200 255.255.255.255 inside
ssh 10.10.0.14 255.255.255.255 inside
ssh timeout 60
console timeout 0
dhcpd address 10.10.0.2-10.10.1.1 inside
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable inside
tunnel-group DefaultL2LGroup type ipsec-l2l
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key *
tunnel-group testing type ipsec-l2l
tunnel-group testing ipsec-attributes
 pre-shared-key *
tunnel-group TunnelGroup1 type ipsec-l2l
tunnel-group TunnelGroup1 ipsec-attributes
 pre-shared-key *
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect icmp
!
service-policy global_policy global
Cryptochecksum:??????
: end

 