Cisco Support Community
Community Member

Access-List to allow remote to access local network

The remote PIX needs to access my local network. I am not quite sure on the ACL needed. Below is the e-mail received from the remote tech. Also, my PIX config is attached.

I'm attempting to ping your NAT'd IP address and this is unreachable on our end. Please be sure that your security device allows traffic initiated from e-MDs as well.

2 REPLIES
Hall of Fame Super Blue

Re: Access-List to allow remote to access local network

Casey

Your VPN is set up so that any client in the 192.168.0.0/24 network will be NATted to 172.24.176.9 when they try to connect to either 192.168.50.83 or 192.168.50.86.

But for them to be able to initiate a connection to you, you need to statically map an IP address. So what remote IP are they trying to ping? If they are trying to ping 172.24.176.9 and the tunnel is not up, then your firewall has no way of knowing which 192.168.0.x address the 172.24.176.9 address is meant to NAT to.

Hopefully this makes sense. What IP address are they trying to get to, i.e. what internal server do they want to access, 192.168.0.??

Jon

Community Member

Re: Access-List to allow remote to access local network

The internal server they want to access is 192.168.0.9.
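The difference Jon describes between the existing many-to-one translation and a static mapping, modelled as an added Python example (not code from the thread and not a PIX configuration). The class, the port numbers and the static address 172.24.176.10 are constructed for illustration; ports stand in for any flow identifier.

```python
import ipaddress

# Addresses below come from the thread unless marked as constructed.
INSIDE_NET = ipaddress.ip_network("192.168.0.0/24")
NAT_IP = "172.24.176.9"
REMOTE_HOSTS = {"192.168.50.83", "192.168.50.86"}
STATIC_IP = "172.24.176.10"  # constructed placeholder, not from the thread


class PolicyNat:
    """Toy translation table: dynamic policy PAT plus optional static entries."""

    def __init__(self):
        self.static = {}    # global IP -> inside IP, present before any traffic
        self.dynamic = {}   # (global IP, global port, remote IP) -> (inside IP, port)
        self.next_port = 1024

    def add_static(self, global_ip, inside_ip):
        self.static[global_ip] = inside_ip

    def outbound(self, src_ip, src_port, dst_ip):
        """Inside host opens a flow; returns translated (ip, port) or None."""
        if ipaddress.ip_address(src_ip) not in INSIDE_NET or dst_ip not in REMOTE_HOSTS:
            return None  # traffic does not match the policy NAT rule
        self.next_port += 1
        self.dynamic[(NAT_IP, self.next_port, dst_ip)] = (src_ip, src_port)
        return NAT_IP, self.next_port

    def inbound(self, src_ip, dst_ip, dst_port):
        """Remote host sends to a global address; returns inside (ip, port) or None."""
        hit = self.dynamic.get((dst_ip, dst_port, src_ip))
        if hit:
            return hit  # return traffic of a flow an inside host started
        if dst_ip in self.static:
            return self.static[dst_ip], dst_port  # new remote-initiated connection
        return None  # nothing says which 192.168.0.x host is meant


def demo():
    """Walk through the situation in the thread; returns the four lookups."""
    nat = PolicyNat()
    before = nat.inbound("192.168.50.83", NAT_IP, 443)    # remote initiates first
    xlate = nat.outbound("192.168.0.9", 50000, "192.168.50.83")
    reply = nat.inbound("192.168.50.83", *xlate)           # reply to inside flow
    nat.add_static(STATIC_IP, "192.168.0.9")
    after = nat.inbound("192.168.50.83", STATIC_IP, 443)  # remote initiates again
    return before, xlate, reply, after
```
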
