Solved: PIX 501

rene.melendez · ‎07-26-2008

Hello everybody

I have PIX 501 conected a modem where i configured a vpn, I created a vpngroup and I give all the permission, I can connect across the vpn but my problem is that I can't to ping the pix and inside network.

I used the command split tunneling and nonat for the VPN's ip.

Regards,

Farrukh Haroon · ‎07-28-2008

Please do the following:

1) Try to enable NAT-T

isakmp nat-traversal

2) Try to change your split-tunnel ACL from extended to standard.

Regards

Farrukh

View solution in original post

Marwan ALshawi · ‎07-26-2008

if the software before version 7

try to make fixup icmp

if 7 or above

make the inspect icmp icmp

inspect icmp error

under the global_inspection rule

also add ACLs to allow the icmp between VPN IPS and whatever u want

Rate if helpful

Farrukh Haroon · ‎07-26-2008

Is traffic besides ICMP working? If it is, enable ICMP inspection.

Else check the routing, crypto ACLs, split tunnel configs/routers, NAT exemption etc.

Regards

Farrukh

rene.melendez · ‎07-28-2008

Hi again, thanks for you help friends, I enabled the fixup snmp error, but I still can't connect to inside network, I attached the sho ver and the sho run, I am connect with the pix through PDM. (El pix even can't to ping the remote site)

Thanks a lot (sorry for my english).

Regards,

rene.melendez · ‎07-28-2008

I forgot load the file.

Sorry

Farrukh Haroon · ‎07-28-2008

Please do the following:

1) Try to enable NAT-T

isakmp nat-traversal

2) Try to change your split-tunnel ACL from extended to standard.

Regards

Farrukh