07-30-2008 02:04 AM - edited 03-11-2019 06:22 AM
I can't ping anything on the inside interface of a PIX 515 from a VPN client.
07-30-2008 02:09 AM
Hi,
Have you checked that you have the correct ACL for traffic from the VPN pool to the inside subnet, and correct (No-)NAT entries in both directions?
Also, is the split-tunneling ACL matching your inside subnet and your VPN pool?
07-30-2008 02:54 AM
This is what I have done so far. I can connect to the PIX but I can't ping the inside hosts. I don't need split tunneling.
access-list client-vpn permit ip 172.16.48.0 255.255.255.248 17.1.1.0 255.255.255.240
ip local pool client-vpn-pool 17.1.1.1-17.1.1.14
nat (inside) 0 access-list client-vpn
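Added example, not part of the original posts: a small offline check of the ACL / No-NAT consistency asked about above, run against the three lines posted in this reply. It only tests whether the VPN pool falls inside a destination network of the ACL bound to `nat 0`; the function name and the parsing patterns are assumptions that cover just these three line forms.

```python
import ipaddress
import re

# Constructed sample: the three configuration lines posted in the thread.
SAMPLE_CONFIG = """\
access-list client-vpn permit ip 172.16.48.0 255.255.255.248 17.1.1.0 255.255.255.240
ip local pool client-vpn-pool 17.1.1.1-17.1.1.14
nat (inside) 0 access-list client-vpn
"""

ACL_RE = re.compile(r"^access-list (\S+) permit ip (\S+) (\S+) (\S+) (\S+)$")
POOL_RE = re.compile(r"^ip local pool (\S+) (\S+)-(\S+)$")
NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)$")


def check_nat_exemption(config):
    """Return a list of problems; an empty list means every pool is exempted."""
    acls, pools, nat0 = {}, {}, []
    for line in config.splitlines():
        line = line.strip()
        if m := ACL_RE.match(line):
            name, src, smask, dst, dmask = m.groups()
            acls.setdefault(name, []).append((
                ipaddress.ip_network(f"{src}/{smask}", strict=False),
                ipaddress.ip_network(f"{dst}/{dmask}", strict=False),
            ))
        elif m := POOL_RE.match(line):
            pools[m.group(1)] = (ipaddress.ip_address(m.group(2)),
                                 ipaddress.ip_address(m.group(3)))
        elif m := NAT0_RE.match(line):
            nat0.append(m.group(2))
    problems = [f"nat 0 references undefined ACL {n}"
                for n in nat0 if n not in acls]
    # Destination networks of every ACL entry actually bound to nat 0.
    exempt = [dst for n in nat0 for _, dst in acls.get(n, [])]
    for name, (first, last) in pools.items():
        # Both ends inside one network means the whole contiguous range is.
        if not any(first in net and last in net for net in exempt):
            problems.append(
                f"pool {name} {first}-{last} not covered by a nat 0 ACL")
    return problems


if __name__ == "__main__":
    print(check_nat_exemption(SAMPLE_CONFIG) or "pool is covered by nat 0 ACL")
```

On the posted lines the check reports no mismatch: the pool 17.1.1.1-17.1.1.14 sits inside the ACL destination 17.1.1.0 255.255.255.240.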
07-30-2008 02:44 AM
Hello Michael,
You need to enable NAT Traversal on your PIX for ISAKMP i.e. in config mode...
isakmp nat-traversal
Save with wr m
Hope this helps and please rate posts.
07-30-2008 03:02 AM
I am running ver 6.1(3). The firewall doesn't want to take that command.