12-05-2008 05:14 AM - edited 03-11-2019 07:21 AM
I'm having trouble setting up Remote Access VPN with a PIX515E.
I can establish a connection with the PIX using the Cisco VPN Client and get an IP address assigned from the VPN pool, but cannot ping the PIX's internal address, or access/ping any other internal resource on the HQ's network.
See the configuration in the attachment.
12-05-2008 05:16 AM
Hello Thomas,
Try adding this,
crypto isakmp nat-traversal 20
In addition, your config exempts NAT only for intranet; you can't access the inside network unless you create another exempt NAT rule for that interface.
Finally, keep in mind that the intradmz ACL does permit specific computers, like the server-group object group, to establish connections. That includes VPN traffic.
For ICMP, add an inspection:
policy-map global_policy
 class inspection_default
  inspect icmp
Regards
12-09-2008 08:01 AM
Thanks for the suggestions.
I managed to resolve the issue, but it was something else... a terrible mistake on my part.
For nat 0 I used the inside interface... I should have used intranet. (I know, I should have used better interface naming, but we stopped using the dmz setup, and I kinda left the inside interface unused)
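The mistake described in the last post, a nat 0 rule bound to an interface other than the one the exempted hosts sit behind, can be caught by checking the configuration text. The Python below is an added example, not part of the thread: the sample config, its addresses and the ACL name are constructed, and it assumes ACL entries in network/mask form with source networks directly connected to an interface.

```python
import ipaddress
import re

# Constructed sample config (addresses and the ACL name are made up).
SAMPLE = """\
interface Ethernet1
 nameif inside
 ip address 192.168.1.1 255.255.255.0
interface Ethernet2
 nameif intranet
 ip address 10.1.1.1 255.255.255.0
access-list nonat extended permit ip 10.1.1.0 255.255.255.0 172.16.50.0 255.255.255.0
nat (inside) 0 access-list nonat
"""

def parse(config):
    """Return (interface name -> subnet, ACL name -> source nets, nat 0 bindings)."""
    subnets, acls, nat0, name = {}, {}, [], None
    for line in config.splitlines():
        w = line.split()
        if w[:1] == ["interface"]:
            name = None                      # new interface block starts
        elif w[:1] == ["nameif"] and len(w) == 2:
            name = w[1]
        elif w[:2] == ["ip", "address"] and name and len(w) >= 4:
            subnets[name] = ipaddress.ip_network(f"{w[2]}/{w[3]}", strict=False)
        elif w[:1] == ["access-list"] and w[2:5] == ["extended", "permit", "ip"] and len(w) >= 9:
            try:                             # only the "network mask" source form is handled
                src = ipaddress.ip_network(f"{w[5]}/{w[6]}", strict=False)
            except ValueError:
                continue
            acls.setdefault(w[1], []).append(src)
        elif m := re.fullmatch(r"nat \((\S+)\) 0 access-list (\S+)", line.strip()):
            nat0.append(m.groups())
    return subnets, acls, nat0

def misbound_nat0(config):
    """List nat 0 rules whose ACL source networks are not behind the bound interface."""
    subnets, acls, nat0 = parse(config)
    findings = []
    for ifname, acl in nat0:
        for src in acls.get(acl, []):
            if ifname in subnets and src.overlaps(subnets[ifname]):
                continue                     # source really lives behind this interface
            owners = [n for n, net in subnets.items() if src.overlaps(net)]
            findings.append((ifname, acl, str(src), owners))
    return findings
```

Each finding names the interface the rule is bound to, the ACL, the source network, and the interface(s) that actually own that network.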