Problem with PIX 500

Unanswered Question
Jun 9th, 2010

I have a PIX 500 firewall box.

I have a system on the DMZ with IP 10.40.1.16; there is a web server running on it.

Whenever VPN users connect to the VPN they are unable to access this system. But the moment they disconnect the VPN they are able to connect, because it is routed with a public IP. I want VPN users to access this system without disconnecting the VPN (I mean after they connect to the VPN). VPN IP is 10.255.1.0.

I added an access list as given below

access-list bastion permit ip 10.255.1.0 255.0.0.0 host 10.40.1.16

access-list bastion permit ip 10.40.1.16 host 10.255.1.0

But when I add this list "access-list bastion permit ip 10.255.1.0 255.0.0.0 host 10.40.1.16" I receive an error message

access-list nonat permit ip 10.255.1.0 255.255.0.0 10.40.1.16 255.255.0.0

ERROR: Global address,mask <10.255.1.0,255.255.0.0> doesn't pair

Type help or '?' for a list of available commands.

Can someone help me to rectify this problem?

Regards

Tonio

Kureli Sankar Wed, 06/09/2010 - 04:22

It appears you are trying a wildcard mask instead of the regular mask.

access-list bastion permit ip 10.255.1.0 255.255.255.0 host 10.40.1.16

Try the above.

-KS
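
An added example, not part of the original thread or of any Cisco tooling: a small Python check that flags access-list address/mask pairs where the address has bits set outside the mask, on the assumption that this is the condition the "doesn't pair" error reports. The function names are hypothetical, and the sample lines are the ones quoted in the thread above.

```python
import ipaddress

def is_quad(token):
    """True if token parses as a dotted-quad IPv4 value."""
    try:
        ipaddress.IPv4Address(token)
        return True
    except ValueError:
        return False

def parse_endpoints(acl_line):
    """Return [(address, mask_or_None), ...] for the source and destination
    of an 'access-list NAME permit|deny ip SRC DST' line."""
    tokens = acl_line.split()
    rest = tokens[tokens.index("ip") + 1:]
    endpoints, i = [], 0
    while i < len(rest):
        if rest[i] == "any":
            endpoints.append(("0.0.0.0", "0.0.0.0"))
            i += 1
        elif rest[i] == "host" and i + 1 < len(rest):
            endpoints.append((rest[i + 1], "255.255.255.255"))
            i += 2
        elif i + 1 < len(rest) and is_quad(rest[i + 1]):
            endpoints.append((rest[i], rest[i + 1]))
            i += 2
        else:  # address with no mask after it
            endpoints.append((rest[i], None))
            i += 1
    return endpoints

def audit(acl_line):
    """Return (address, mask, network) for every endpoint whose address has
    bits set outside its mask; network is None when the mask is missing."""
    findings = []
    for addr, mask in parse_endpoints(acl_line):
        if mask is None:
            findings.append((addr, None, None))
            continue
        a = int(ipaddress.IPv4Address(addr))
        m = int(ipaddress.IPv4Address(mask))
        if a & m != a:  # host bits set: address is not the network for this mask
            findings.append((addr, mask, str(ipaddress.IPv4Address(a & m))))
    return findings

if __name__ == "__main__":
    # Sample line taken from the thread above.
    line = "access-list nonat permit ip 10.255.1.0 255.255.0.0 10.40.1.16 255.255.0.0"
    print(audit(line))
```

The third element of each finding is the network the mask as typed actually covers, which shows how far a rule would reach if the address were rounded down to fit it (for example, 255.0.0.0 covers all of 10.0.0.0/8 rather than only the VPN pool).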
