[Openswan Users] ok pix solved but...how to ping??
Agent Smith
news8080 at yahoo.com
Sat Oct 8 09:39:33 CEST 2005
try this on pix side, pix requires that you
specifically allow return ICMPs back in.
icmp permit any unreachable outside
icmp permit any echo-reply outside
icmp permit host a.b.c.d outside
icmp deny any outside
in this example, a.b.c.d is the only host allowed to
ping pix while all hosts internal to pix can ping
out.\
hope that helps.
--- lean <piccololean at yahoo.it> wrote:
> >I restarted the pix too but the problem is the
> same...
>
> >Agent Smith wrote:
> >add this to pix
> >isakmp identity address
> >then restart the tunnel
>
> I solved with:
> isakmp identity address on the pix and
> rightid=pix_private_ip_before_nat
> Now again the SA is done but:
> 1) no ipsec0 device found
> 2) no ping to subnet
> Can you help me? Thanks
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
>
__________________________________
Yahoo! Mail - PC Magazine Editors' Choice 2005
http://mail.yahoo.com
More information about the Users
mailing list