05-19-2009 11:08 AM
I have 2 locations with static IPs with a NS5XT on each side. They have a VPN between each other that was created by the vpn wizard. The issue I'm having is that I can ping and connect via remote desktop using ip addresses from one side (garage network of 192.168.0.0) to the other (colonial network of 192.168.1.0) but can't ping or connect from the colonial network to the garage network. Both devices have both "Trust" to "Untrust" & "Untrust" to "Trust" to the other network with the Any policy.
Solved! Go to Solution.
05-19-2009 12:13 PM
I would make sure the VPN is up using "get sa" from the CLI. If the VPN is up, I would check to make sure the Policy is at the top (get pol from trust to untrust). If it's not, the first policy would match and your traffic might not be encrypted across the tunnel.
05-19-2009 12:56 PM
Sounds like a policy issue. Can you access the firewall via CLI and show the config for both side?
get conf | i ike
get conf | i vpn
and the policy as well.
05-20-2009 08:17 AM
Thank you for the help. I policys were at the bottom of the lists. I moved them to the top and now it seems to work. I would have never thought to move them. Thanks again.