07-12-2008 07:10 AM - edited 03-06-2019 12:09 AM
Hello guys,
Another situation....
3725 router --- pix v5.1 --- 4507 ---
I successfully established a remote access VPN to the 3725 router...but I am unable to ping any devices from my laptop, nor can I ping my device from the PIX...
Any thoughts...
Thanks in advance...
Here are my configs for the router and PIX
Lab_rtr#
!
!
aaa authentication login userauthen local
aaa authorization network groupauthor local
aaa session-id common
ip subnet-zero
!
ip cef
ip audit notify log
ip audit po max-events 100
no ip domain lookup
ip ssh break-string
no ftp-server write-enable
!
!
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
crypto isakmp xauth timeout 60
!
crypto isakmp client configuration group 3000client
 key cisco123
 pool ippool
crypto isakmp profile VPNclient
 description VPN Clients Profile
 match identity group 3000client
 client authentication list userauthen
 isakmp authorization list groupauthor
 client configuration address respond
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 10
 set transform-set myset
 set isakmp-profile VPNclient
!
crypto map clientmap 10 ipsec-isakmp dynamic dynmap discover
!
!
interface FastEthernet0/0
 ip address xxxxx 255.255.255.248
 speed 100
 half-duplex
 crypto map clientmap
!
interface Serial0/0
 bandwidth 512
 no ip address
 encapsulation frame-relay IETF
 no fair-queue
 service-module t1 timeslots 1-8
 frame-relay lmi-type ansi
!
interface Serial0/0.1 point-to-point
 ip address xxxxx
 frame-relay interface-dlci 532
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
ip local pool ippool 192.168.1.5
ip route 0.0.0.0 0.0.0.0 Serial0/0.1
________________________________________________________________
PIX
PIX Version 5.1(4)
access-list 101 permit ip 10.100.55.0 255.255.255.0 host 192.168.1.5
ip address outside xxxx 255.255.255.248
ip address inside 10.100.55.200 255.255.255.0
ip address pix/intf2 127.0.0.1 255.255.255.255
global (outside) 1 xxxx netmask 255.255.255.248
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 10.100.55.207 10.100.55.207 netmask 255.255.255.255 0 0
route outside 0.0.0.0 0.0.0.0 xxxx 1
route inside 10.0.0.0 255.0.0.0 10.100.55.1 1
07-12-2008 08:24 AM
Add "reverse-route" to your dynamic crypto map to facilitate a return path to the IPSec client.
It will inject a route into the routing table.
crypto dynamic-map dynmap 10
 set transform-set myset
 set isakmp-profile VPNclient
 reverse-route
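A config check for the suggestion above, as an added example that is not part of the original thread: a small Python linter that lists dynamic crypto map entries with no reverse-route line. The function names and the sample configs are constructed for illustration; sub-commands are matched by keyword, so it also works on configs pasted without indentation.

```python
import re

# Sub-commands that can appear under "crypto dynamic-map <name> <seq>".
CHILD_PREFIXES = ("set ", "match ", "reverse-route", "description ")
HEADER = re.compile(r"^crypto dynamic-map (\S+) (\d+)\s*$")

def dynamic_map_entries(config_text):
    """Return {(name, seq): [sub-commands]} for each dynamic crypto map entry."""
    entries, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()  # match by keyword, not indentation
        m = HEADER.match(line)
        if m:
            current = entries.setdefault((m.group(1), int(m.group(2))), [])
        elif current is not None and line.startswith(CHILD_PREFIXES):
            current.append(line)
        else:
            current = None  # "!" or any other command closes the entry
    return entries

def missing_reverse_route(config_text):
    """List dynamic-map entries that have no reverse-route sub-command."""
    return sorted(
        key for key, cmds in dynamic_map_entries(config_text).items()
        if not any(c.split()[0] == "reverse-route" for c in cmds)
    )

# Constructed sample: the dynamic map from the question, then the same entry
# with the suggested line added (flattened, as a paste without indentation).
BEFORE = """\
crypto dynamic-map dynmap 10
 set transform-set myset
 set isakmp-profile VPNclient
!
crypto map clientmap 10 ipsec-isakmp dynamic dynmap discover
"""
AFTER = """\
crypto dynamic-map dynmap 10
set transform-set myset
set isakmp-profile VPNclient
reverse-route
"""

if __name__ == "__main__":
    print("before:", missing_reverse_route(BEFORE))
    print("after: ", missing_reverse_route(AFTER))
```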
07-12-2008 01:19 PM
I added that, but no luck...should I allow that in the PIX since it sees it from the outside interface?