
Access-List to allow remote to access local network

c-drozd
Level 1

A remote PIX needs to access my local network. I am not quite sure of the ACL needed. Below is the e-mail received from the remote tech. Also, my PIX config is attached.

I'm attempting to ping your NAT'd IP address and this is unreachable on our end. Please be sure that your security device allows traffic initiated from e-MDs as well.

2 Replies

Jon Marshall
Hall of Fame

Casey

Your VPN is set up so that any client in the 192.168.0.0/24 network will be NATed to 172.24.176.9 when they try to connect to either 192.168.50.83 or 192.168.50.86.

But for them to be able to initiate a connection to you, you need to statically map an IP address. So what remote IP are they trying to ping? If they are trying to ping 172.24.176.9 and the tunnel is not up, then your firewall has no way of knowing which 192.168.0.x address the 172.24.176.9 address is meant to NAT to.

Hopefully this makes sense. What IP address are they trying to get to, i.e. what internal server do they want to access, 192.168.0.??

Jon

The internal server they want to access is 192.168.0.9.
