Problem with PIX 500

Jun 9th, 2010

I have a PIX 500 firewall box.

I have a system which is on the DMZ and IP is, there is a webserver running on this.

Whenever VPN users connect to VPN they are unable to access this system. But the moment they disconnect VPN they are able to connect because it is routed with a public IP. I want VPN users to access this system without disconnecting VPN (I mean after they connect to VPN). VPN IP is

I added an access list as given below

access-list bastion permit ip host

access-list bastion permit ip host

But when I add this list " access-list bastion permit ip host " I receive an error message

access-list nonat permit ip

ERROR: Global address,mask <,> doesn't pair

Type help or '?' for a list of available commands.

Can someone help me to rectify this problem?



Kureli Sankar (Cisco Employee), Wed, 06/09/2010 - 04:22

It appears you are trying a wildcard mask instead of the regular mask.

access-list bastion permit ip host

Try the above.
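
The mask mix-up named in the answer above can be checked before a line is pasted into the firewall. The following is an added example, not code from the thread or from Cisco: it flags address/mask pairs in `access-list` lines that use an IOS-style wildcard mask where the PIX expects a subnet mask, and pairs where the address has bits set outside the mask. The function names and all addresses in the sample lines are constructed for illustration; only the list names `bastion` and `nonat` come from the thread.

```python
import ipaddress
import re

QUAD = re.compile(r"(?:\d{1,3}\.){3}\d{1,3}")
ALL_ONES = 0xFFFFFFFF

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def classify_mask(mask):
    """Return 'netmask', 'wildcard' or 'invalid' for a dotted-quad mask."""
    m = to_int(mask)
    inv = m ^ ALL_ONES
    if (inv & (inv + 1)) == 0:    # ones then zeros, e.g. 255.255.255.0
        return "netmask"
    if (m & (m + 1)) == 0:        # zeros then ones, e.g. 0.0.0.255
        return "wildcard"
    return "invalid"

def check_acl_line(line):
    """Return (address, mask, problem, suggested_mask) for each bad pair."""
    tokens, findings, i = line.split(), [], 0
    while i < len(tokens):
        if tokens[i] == "host":   # 'host A.B.C.D' takes no mask
            i += 2
            continue
        pair = tokens[i:i + 2]
        if len(pair) == 2 and all(QUAD.fullmatch(t) for t in pair):
            addr, mask = pair
            kind = classify_mask(mask)
            if kind == "wildcard":
                fixed = str(ipaddress.IPv4Address(to_int(mask) ^ ALL_ONES))
                findings.append((addr, mask, "wildcard mask", fixed))
            elif kind == "invalid":
                findings.append((addr, mask, "non-contiguous mask", None))
            elif to_int(addr) & (to_int(mask) ^ ALL_ONES):
                findings.append((addr, mask, "address has bits outside mask", None))
            i += 2
            continue
        i += 1
    return findings

# Constructed sample lines; the addresses are placeholders, not values from the thread.
SAMPLES = [
    "access-list nonat permit ip 192.168.10.0 0.0.0.255 10.1.1.0 0.0.0.255",
    "access-list nonat permit ip 192.168.10.0 255.255.255.0 10.1.1.0 255.255.255.0",
    "access-list bastion permit ip host 172.16.5.10 10.1.1.0 255.255.255.0",
    "access-list nonat permit ip 192.168.10.5 255.255.255.0 10.1.1.0 255.255.255.0",
]
```

Running `check_acl_line` over each entry in `SAMPLES` reports the first and last lines and passes the two in between.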


