06-28-2007 09:34 AM
i am using this setup
http://www.cisco.com/image/gif/en/us/guest/tech/tk372/c1492/ccmigration_09186a008009442e.gif
i cannot ping the inside user from the remote client ?
do you know why ?
Solved! Go to Solution.
06-28-2007 11:03 AM
06-28-2007 09:55 AM
add...
isakmp nat-traversal
06-28-2007 10:41 AM
I am at home receive a ip address 192.168.60.1 and i couldnot ping the inside interface of the pix 501(192.168.50.1)
this the partial of the config( i remove line command for security)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
access-list outside_access_in permit icmp any any echo-reply
access-list 101 permit ip 192.168.50.0 255.255.255.0 192.168.60.0 255.255.255.0
ip address inside 192.168.50.1 255.255.255.0
ip local pool ippool 192.168.60.1-192.168.60.254
global (outside) 1 interface
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group outside_access_in in interface outside
sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap client authentication LOCAL
crypto map mymap interface outside
isakmp enable outside
isakmp identity address
isakmp policy 8 authentication rsa-sig
isakmp policy 8 encryption des
isakmp policy 8 hash sha
isakmp policy 8 group 1
isakmp policy 8 lifetime 86400
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup vpn3000 address-pool ippool
vpngroup vpn3000 split-tunnel 101
vpngroup vpn3000 idle-time 1800
vpngroup vpn3000 device-pass-through
vpngroup vpn3000 password ********
06-28-2007 11:03 AM
Add..
management-access inside
Please rate helpful posts.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide