Problem with PIX 500

Jun 9th, 2010

I have a PIX 500 firewall box.


I have a system on the DMZ with IP 10.40.1.16; there is a web server running on it.


Whenever VPN users connect to the VPN they are unable to access this system. But the moment they disconnect from the VPN they are able to connect, because it is routed with a public IP. I want VPN users to access this system without disconnecting from the VPN (I mean after they connect to the VPN). VPN IP is 10.255.1.0


I added an access list as given below:



access-list bastion permit ip 10.255.1.0 255.0.0.0 host 10.40.1.16

access-list bastion permit ip 10.40.1.16 host 10.255.1.0



But when I add this list "access-list bastion permit ip 10.255.1.0 255.0.0.0 host 10.40.1.16" I receive an error message:



access-list nonat permit ip 10.255.1.0 255.255.0.0 10.40.1.16 255.255.0.0

ERROR: Global address,mask <10.255.1.0,255.255.0.0> doesn't pair

Type help or '?' for a list of available commands.


Can someone help me to rectify this problem?


Regards

Tonio

Kureli Sankar (Cisco Employee) Wed, 06/09/2010 - 04:22

It appears you are trying a wildcard mask instead of the regular mask.


access-list bastion permit ip 10.255.1.0 255.255.255.0 host 10.40.1.16


Try the above.


-KS
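
The address/mask mismatch behind the "doesn't pair" error can be checked offline before an entry is pasted into the firewall. This is an added example, not part of the original thread and not Cisco code; it assumes the error means the address has bits set outside its mask, assumes the entry layout shown in the comment, and the function names are hypothetical.

```python
import ipaddress

def _take(tokens):
    """Consume one address spec from tokens; return (spec, problem or None)."""
    if not tokens:
        return "<missing>", "address specification missing"
    head = tokens.pop(0)
    if head == "any":
        return head, None
    if head == "host":
        return ("host " + tokens.pop(0), None) if tokens else (head, "host without an address")
    if not tokens:
        return head, "address without a mask"
    mask = tokens.pop(0)
    spec = f"{head} {mask}"
    try:
        addr_i = int(ipaddress.IPv4Address(head))
        mask_i = int(ipaddress.IPv4Address(mask))
    except ipaddress.AddressValueError:
        return spec, "not an address/mask pair"
    inv = ~mask_i & 0xFFFFFFFF          # bits the mask leaves free
    if inv & (inv + 1):                 # a netmask's inverse is 2**k - 1
        return spec, "mask is not a contiguous netmask (wildcard style?)"
    if addr_i & inv:                    # address has bits outside the mask
        net = ipaddress.IPv4Address(addr_i & mask_i)
        return spec, f"host bits set; network for this mask is {net}"
    return spec, None

def check_acl(line):
    """Return [(spec, problem)] for the source and destination of one entry."""
    tokens = line.split()
    # Assumed layout: access-list <name> permit|deny <protocol> <src> <dst>
    if len(tokens) < 5 or tokens[0] != "access-list":
        return [("<line>", "not an access-list entry")]
    rest = tokens[4:]
    results = [_take(rest) for _ in range(2)]
    return [(spec, problem) for spec, problem in results if problem]

# Entries quoted in the thread: the two attempts, then the suggested one.
SAMPLE = [
    "access-list bastion permit ip 10.255.1.0 255.0.0.0 host 10.40.1.16",
    "access-list nonat permit ip 10.255.1.0 255.255.0.0 10.40.1.16 255.255.0.0",
    "access-list bastion permit ip 10.255.1.0 255.255.255.0 host 10.40.1.16",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(entry, "->", check_acl(entry) or "ok")
```

Running such a check over a whole ACL before deployment also catches entries whose mask is wider than intended, which would otherwise permit more sources than the rule's author meant.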
