Welcome to ISAserver.org


ISA2004 <-> PIX501 site2site vpn - no traffic

ISA2004 <-> PIX501 site2site vpn - no traffic - 19.Feb.2008 10:45:37 AM   
ihopley

 

Hi folks,

I'm trying to set up a site-to-site VPN with a PIX 501, following both:
http://www.microsoft.com/technet/isa/2004/plan/ipsecvpn.mspx
and
http://www.isaserver.org/tutorials/Implementing-IPSEC-Site-to-Site-VPN-between-ISA-Server-2006-Beta-Cisco-PIX-501.html

Having followed this to the T, I appear to have successfully created the IPsec tunnel, and can see the ISAKMP phase 1 and II exchanges completing successfully using a syslog daemon on the PIX. The IKE and IPsec tunnels are initiated successfully from both ends; however, I cannot get any traffic to flow down the tunnel.

I am fairly sure I have the required access rules in place, my gut feeling is that it is a routing issue but cannot see where it is failing.

Not sure how to best post up config as it will be quite lengthy but summary as follows:

ISA Internal - 172.16.0.0/20
ISA Public - 213.128.***.*** (primary ip on NIC)
Pix Internal - 172.16.17.0/24
Pix Public - 82.69.***.***

ISA VPN remote endpoint = Pix Public
ISA VPN gateway address = ISA Public

ISA Network Rules: Route between ISA Internal and PIX Internal
2 network rules in ISA between ISA and PIX, both directions to route (not NAT)
2 access rules in ISA
- allow all traffic from ISA Private to PIX Private, all users
- allow all traffic from PIX Private to ISA Private, all users

PIX:
Outbound Access rule from Pix Private to ISA Private (IP & ICMP)
Inbound Access rule from ISA Private to Pix Private  (ICMP & IP)
IPSEC Rules - Protect Pix Private to ISA Private (IP & ICMP)
NAT Translation Exemption rule from Pix Private to ISA Private

As I mentioned I think it is routing or NAT somewhere but can't see where.

Any help would be much appreciated.

Cheers
I.






