Re: Trouble with ISA2004 site-to-site to Cisco Pix 501
- From: "Julian Dragut" <julianmd@xxxxxxxxxx>
- Date: Fri, 28 Oct 2005 01:03:12 -0400
Hi,
This is the normal behaviour, as PIX creates the IPSEC Tunnel only when
"relevant" traffic is generated towards its IPSEC peer.
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/ipsecvpn.mspx
Is each one set up as gateway to the other?
Which is one the originator?
"wrkinprgrs" <blaze@xxxxxxxxxxxxx> wrote in message
news:1130423464.673181.274110@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> We have an ISA2004 server running on Windows Server 2003 and it has 3
> existing site to site vpn connections on it now. We are setting up a
> 4th and this one is giving us trouble. The other end is running Cisco
> Pix 501 and we can establish the IPSEC site to site but they have to
> initiate all connections to us we cannot connect to them. Eg. Once
> they initiate a ping to one of our machines (which is successfull) we
> can then and only then ping them from that machine. Other machines
> still cannot ping them. If they ping the other machines on our
> end...then we are able to ping from them as well. I have asked them if
> they set us up as a NAT which seems to make sense to me as to why all
> unsolicited traffic from us is blocked but they say that is not the
> case. We are not familiar with Cisco Pix especially command
> line....totally ISA experience here....anyone know what could be wrong
> on the Cisco side? (of course assuming its not ISA...since ISA is open
> to their network setup as a route network).
>
.
- References:
- Trouble with ISA2004 site-to-site to Cisco Pix 501
- From: wrkinprgrs
- Trouble with ISA2004 site-to-site to Cisco Pix 501
- Prev by Date: Re: Remote Veritas Agent does not installing on ISA2004
- Next by Date: ISA VPN : WHICH Client ? Which IP ?
- Previous by thread: Trouble with ISA2004 site-to-site to Cisco Pix 501
- Next by thread: Re: Remote Veritas Agent does not installing on ISA2004
- Index(es):
Relevant Pages
|
