Access-List to allow remote to access local network

Oct 23rd, 2008

A remote PIX needs to access my local network. I am not quite sure of the ACL needed. Below is the e-mail received from the remote tech. Also, my PIX config is attached.

I'm attempting to ping your NAT'd IP address and this is unreachable on our end. Please be sure that your security device allows traffic initiated from e-MDs as well.




Jon Marshall Thu, 10/23/2008 - 16:56
Casey


Your VPN is set up so that any client in the 192.168.0.0/24 network will be NATted to 172.24.176.9 when they try to connect to either 192.168.50.83 or 192.168.50.86.


But for them to be able to initiate a connection to you, you need to statically map an IP address. So what remote IP are they trying to ping? If they are trying to ping 172.24.176.9 and the tunnel is not up, then your firewall has no way of knowing which 192.168.0.x address the 172.24.176.9 address is meant to NAT to.


Hopefully this makes sense. What IP address are they trying to get to, i.e. what internal server do they want to access, 192.168.0.??


Jon

c-drozd Fri, 10/24/2008 - 03:18

The internal server they want to access is 192.168.0.9.
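
A small Python model of the translation behaviour described in the reply above, added here as an illustration and not taken from the thread or from the attached PIX config: a many-to-one mapping to 172.24.176.9 can only be reversed for connections the inside hosts opened, while a one-to-one static mapping to 192.168.0.9 can accept a connection initiated by the remote side. The class and function names are hypothetical, the port numbers are constructed, and the model covers address translation only (no tunnel state, no access lists).

```python
import ipaddress

INSIDE_NET = ipaddress.ip_network("192.168.0.0/24")
REMOTE_HOSTS = {"192.168.50.83", "192.168.50.86"}
MAPPED_IP = "172.24.176.9"


class NatDevice:
    """Toy model of the translation table only (hypothetical, not PIX code)."""

    def __init__(self, static_map=None):
        self.static_map = dict(static_map or {})  # mapped IP -> inside IP
        self.xlates = {}        # (mapped IP, port) -> (inside IP, port)
        self.next_port = 1024   # constructed starting port for dynamic entries

    def outbound(self, src, sport, dst):
        """Inside host opens a connection; return the (ip, port) the remote sees."""
        for mapped, real in self.static_map.items():
            if real == src:
                return mapped, sport          # static entry: address only
        if ipaddress.ip_address(src) in INSIDE_NET and dst in REMOTE_HOSTS:
            self.next_port += 1
            self.xlates[(MAPPED_IP, self.next_port)] = (src, sport)
            return MAPPED_IP, self.next_port  # dynamic entry created on demand
        return None                           # no NAT rule matches

    def inbound(self, dst, dport):
        """Remote side sends to a mapped address; return inside (ip, port) or None."""
        if (dst, dport) in self.xlates:       # reply to an existing translation
            return self.xlates[(dst, dport)]
        if dst in self.static_map:            # fixed one-to-one mapping
            return self.static_map[dst], dport
        return None                           # many-to-one: no host can be chosen


def demo():
    dynamic_only = NatDevice()
    with_static = NatDevice(static_map={MAPPED_IP: "192.168.0.9"})
    seen = dynamic_only.outbound("192.168.0.20", 50000, "192.168.50.83")
    return {
        "remote_initiated_dynamic": NatDevice().inbound(MAPPED_IP, 443),
        "reply_to_inside_initiated": dynamic_only.inbound(*seen),
        "remote_initiated_static": with_static.inbound(MAPPED_IP, 443),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result)
```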
