
PIX 8.0 with remote access VPN

tgregorics
Level 1

I'm having trouble setting up Remote Access VPN with a PIX515E.

I can establish a connection with the PIX using the Cisco VPN Client and get an IP address assigned from the VPN pool, but cannot ping the PIX's internal address, or access/ping any other internal resource on the HQ's network.

See the configuration in the attachment.

2 Replies

husycisco
Level 7

Hello Thomas,

Try adding this:

crypto isakmp nat-traversal 20

In addition, your config exempts NAT only for intranet; you can't access the inside network unless you create another exempt NAT rule for that interface.

Finally, keep in mind that the intradmz ACL does permit specific computers, like the server-group object group, to establish connections. That includes VPN traffic.

For ICMP, add an inspection:

policy-map global_policy
 class inspection_default
  inspect icmp

Regards

Thanks for the suggestions.

I managed to resolve the issue, but it was something else... a terrible mistake on my part.

For nat 0 I used the inside interface... I should have used intranet. (I know, I should have used better interface naming, but we stopped using the dmz setup, and I kinda left the inside interface unused)
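The mistake described in this thread (a `nat 0` exemption bound to an interface that does not carry the exempted network) can be caught with a simple configuration check. The following is an added example, not code from the thread or from Cisco: the sample config is constructed, the ACL name `nonat` and all addresses are placeholders, and the check is a heuristic that only knows directly connected subnets, so networks routed behind an interface would be reported too.

```python
import ipaddress
import re

# Constructed sample (not the poster's attachment): interface names follow the
# thread, while the ACL name "nonat" and all addresses are placeholders.
SAMPLE_CONFIG = """\
interface Ethernet1
 nameif inside
 no ip address
interface Ethernet2
 nameif intranet
 ip address 192.168.1.1 255.255.255.0
access-list nonat extended permit ip 192.168.1.0 255.255.255.0 192.168.50.0 255.255.255.0
nat (inside) 0 access-list nonat
"""

NAMEIF_RE = re.compile(r"^nameif (\S+)$")
ADDR_RE = re.compile(r"^ip address (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)")
ACL_RE = re.compile(r"^access-list (\S+) extended permit ip "
                    r"(\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) ")
NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)")


def audit_nat_exempt(config):
    """Flag nat 0 rules whose ACL source network is not connected to the rule's interface."""
    subnets, acl_sources, nat0, nameif = {}, {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            nameif = None                      # new interface block
        elif m := NAMEIF_RE.match(line):
            nameif = m.group(1)
        elif (m := ADDR_RE.match(line)) and nameif:
            subnets[nameif] = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
        elif m := ACL_RE.match(line):          # only "network mask" sources are handled
            src = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}", strict=False)
            acl_sources.setdefault(m.group(1), []).append(src)
        elif m := NAT0_RE.match(line):
            nat0.append((m.group(1), m.group(2)))
    findings = []
    for ifc, acl in nat0:
        for src in acl_sources.get(acl, []):
            net = subnets.get(ifc)
            if net is None or not net.overlaps(src):
                owners = [n for n, s in subnets.items() if s.overlaps(src)]
                findings.append((ifc, acl, str(src), owners))
    return findings


if __name__ == "__main__":
    for ifc, acl, src, owners in audit_nat_exempt(SAMPLE_CONFIG):
        print(f"nat ({ifc}) 0 uses {acl}, but {src} is connected to {owners or 'no interface'}")
```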
