I have a pix 500 firewall box.
I have a system which is on DMZ and IP is 10.40.1.16, there is webserver running on this.
Whenever VPN users connect to VPN they are unable to access this system. But the moment they disconnect VPN they are able to connect because it is routed with a public IP. I want VPN users to access this system without disconnecting VPN ( I mean after they connect to VPN ). VPN IP is 10.255.1.0
I added an access list as given below
access-list bastion permit ip 10.255.1.0 255.0.0.0 host 10.40.1.16
access-list bastion permit ip 10.40.1.16 host 10.255.1.0
But when add this list " access-list bastion permit ip 10.255.1.0 255.0.0.0 host 10.40.1.16 " I receive an error message
access-list nonat permit ip 10.255.1.0 255.255.0.0 10.40.1.16 255.255.0.0
ERROR: Global address,mask <10.255.1.0,255.255.0.0> doesn't pair
Type help or '?' for a list of available commands.
Can someone help me to rectify this problem?