What you need to test with is an extended ping.
Type in ping ip and then Enter. And then follow the
prompts after that. It gives you the choice of picking
which IP address the router will use as the source. By
default it uses the interface the packet leaves from.
Michael Le, CCIE #681
--- Allen May wrote:
> OK I'll get the configs & forward in a bit. But for
> now...the inside
> interface has an IP on that subnet. What would it
> take to get it to work
> from the router itself? It's got an outside IP
> going to the ISP and an
> inside IP for a 10.43.2.0/24 network with a
> secondary IP on the inside
> interface of 10.43.2.1.
>
> I guess what I'm trying to say is...how DO you make
> it work then? ;)
>
> Allen
>
> ----- Original Message -----
> From: "G30RG3"
> To:
> Sent: Monday, July 02, 2001 7:53 PM
> Subject: Re: VPN troubles [7:10714]
>
>
> > The reason you can't ping from the router itself is that when you specified
> > what traffic to encrypt and send to the tunnel you only specified the
> > subnets behind the firewall and router. If you try and ping the other side
> > it will not go through the tunnel because it is not a match on the
> > access-list. That is one of the reasons. I can't say that is the only
> > reason cuz I don't know what your configs look like.
> >
> > Hope that helps
> >
> > George, Head Janitor, CCNA CCDA
> > Cisco Systems
> >
> > "Allen May" wrote in message
> > news:[EMAIL PROTECTED]...
> > > I have an IPSec tunnel set up between PIX and a 2600 and it works
> > > perfectly for clients end-to-end. However, I can't ping across the VPN
> > > from pix or router.
> > >
> > > I suspect a routing issue. When I try to add a route to tell it anything
> > > going to the other end should use that IP on that interface, it gives an
> > > error saying invalid hop because it's on that router.
> > >
> > > Any ideas?
> > >
> > > A little info:
> > > Remote network has 10.43.2.0/24 but gateway is a secondary IP on the
> > > internal FastEthernet interface of a 2600.
> > > Central network is 10.43.1.0/24 on a PIX 515.
> > > Future networks will be on the 10.x.y.z network & centralize to the PIX
> > > rack.
> > >
> > > The problem I'm trying to solve is making the remote routers authenticate
> > > over the VPN to TACACS+ for the enable password. If I can't ping the box
> > > because it's trying to go out the default route, it won't work.
> > >
> > > Allen
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=10819&t=10714
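The behaviour discussed in this thread, as an added example that is not part of the original posts: a small model of crypto access-list matching showing why a plain ping from the router misses the tunnel while an extended ping sourced from 10.43.2.1 matches. It assumes the crypto ACL covers only the two subnets named in the thread (the real configs were never posted); the outside address 203.0.113.2 and the target host 10.43.1.10 are constructed.

```python
import ipaddress

# Assumed crypto ACL on the 2600: only the two LAN subnets named in the
# thread are selected for encryption (the real configs were never posted).
CRYPTO_ACL = [("10.43.2.0/24", "10.43.1.0/24")]

# Router addresses. 10.43.2.1 is the inside secondary from the thread;
# the outside address is a constructed documentation address.
ROUTER_ADDRS = {"outside": "203.0.113.2", "inside-secondary": "10.43.2.1"}


def matches(acl, src, dst):
    """True if the src/dst pair is selected by any entry of the crypto ACL."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in ipaddress.ip_network(a) and d in ipaddress.ip_network(b)
               for a, b in acl)


def mirror(acl):
    """Peer-side ACL, assumed here to be the mirror image of the local one."""
    return [(b, a) for a, b in acl]


def ping_result(dst, source=None):
    """Model a ping issued from the router itself.

    With no source given, the address of the egress interface is used, which
    for a destination reached via the default route is the outside address.
    """
    src = source or ROUTER_ADDRS["outside"]
    out_ok = matches(CRYPTO_ACL, src, dst)            # request selected?
    back_ok = matches(mirror(CRYPTO_ACL), dst, src)   # reply selected?
    return {"source": src, "tunnel": out_ok and back_ok}


if __name__ == "__main__":
    target = "10.43.1.10"  # constructed host on the central network
    print(ping_result(target))                      # plain ping
    print(ping_result(target, source="10.43.2.1"))  # extended ping
```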