06-28-2007 09:34 AM
i am using this setup
http://www.cisco.com/image/gif/en/us/guest/tech/tk372/c1492/ccmigration_09186a008009442e.gif
i cannot ping the inside user from the remote client ?
do you know why ?
Solved! Go to Solution.
06-28-2007 11:03 AM
06-28-2007 09:55 AM
add...
isakmp nat-traversal
06-28-2007 10:41 AM
I am at home receive a ip address 192.168.60.1 and i couldnot ping the inside interface of the pix 501(192.168.50.1)
this the partial of the config( i remove line command for security)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
access-list outside_access_in permit icmp any any echo-reply
access-list 101 permit ip 192.168.50.0 255.255.255.0 192.168.60.0 255.255.255.0
ip address inside 192.168.50.1 255.255.255.0
ip local pool ippool 192.168.60.1-192.168.60.254
global (outside) 1 interface
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group outside_access_in in interface outside
sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap client authentication LOCAL
crypto map mymap interface outside
isakmp enable outside
isakmp identity address
isakmp policy 8 authentication rsa-sig
isakmp policy 8 encryption des
isakmp policy 8 hash sha
isakmp policy 8 group 1
isakmp policy 8 lifetime 86400
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup vpn3000 address-pool ippool
vpngroup vpn3000 split-tunnel 101
vpngroup vpn3000 idle-time 1800
vpngroup vpn3000 device-pass-through
vpngroup vpn3000 password ********
06-28-2007 11:03 AM
Add..
management-access inside
Please rate helpful posts.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: