01-14-2002 12:23 AM - edited 02-21-2020 11:33 AM
Hello Experts!
Can somebody help me on VPN Pre shared configuration for my pix 515. The problem occurs once the user was able to connect using VPN accounts. He wasn't able to ping neither can connect to any machine that resides on my private network.
My configuration goes something like this, please tell me if I miss something.
Access-list 101 permit ip 1.0.0.0 255.0.0.0 30.0.0.0 255.0.0.0
ip local pool mypool 30.0.0.0-30.0.0.255
nat (inside) 0 access-list 129
sysopt connection permit ip-sec
no sysopt dnat
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map mymap 999 ipsec-isakmp dynamic dynmap
crypto map mymap interface outside
isakmp enable outside
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup vpnuser address-pool mypool
vpngroup vpnuser dns-server Exchange DNS1
vpngroup vpnuser default-domain mydomain.com
vpngroup vpnuser idle-time 1800
vpngroup vpnuser password ********
01-15-2002 12:14 PM
Hi,
can he ping any ip address in the private network? if you can not ping any machine, add a default route to the client with matric 2,
regards,
raul
01-15-2002 12:15 PM
continued....
the default gateway you add should be the inside ip address of the PIX..
regards,
Raul
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: