New Member

DSL and T1 on same PIX - internet through DSL and VPN through T1

I am trying to configure my PIX 515 to route internet traffic to the DSL (ethernet0) and establish a VPN with corporate through a T1 (ethernet2). Internet works fine but the VPN tunnel will not establish. Here is a bit of my config:

global (outside) 1 interface

global (intranet) 2 interface

nat (inside) 0 access-list no_nat

nat (inside) 1 x.x.x.x 255.255.0.0 0 0

nat (intranet) 1 access-list no_nat

access-group outside_access_in in interface outside

access-group inside_access_in in interface inside

access-group intranet_access_in in interface intranet

route outside 0.0.0.0 0.0.0.0 x.x.x.x 1

route intranet x.x.x.x 255.0.0.0 x.x.x.x 1

route intranet x.x.x.x 255.255.0.0 x.x.x.x 1

I am completely lost (brain freeze on this). What am I doing wrong? Thanks for any input.

  • Firewalling
2 REPLIES
Hall of Fame Super Silver

Re: DSL and T1 on same PIX - internet through DSL and VPN throug

I am not sure that there is enough here for us to find the problem. For example, your nat statements refer to inside, but you do not show how the inside is configured. Your nat (intranet) references access list no_nat, but you do not show us the access list. You also do not show anything about how the VPN is configured.

If you give us enough of the config (changing sensitive details) perhaps we can help you find the problem.

HTH

Rick

New Member

Re: DSL and T1 on same PIX - internet through DSL and VPN throug

Here are my acls:

access-list outside_access_in permit tcp x.x.x.x 255.255.255.0 x.x.x.x 255.255.0.0 log

access-list outside_access_in remark -- vpn rules

access-list outside_access_in permit tcp x.x.x.x 255.255.255.0 x.x.x.x 255.255.0.0 eq xx log

access-list outside_access_in permit tcp x.x.x.x 255.255.255.0 x.x.x.x 255.255.0.0 eq xx log

access-list ipsec_from_ftw permit ip x.x.x.x 255.255.0.0 x.x.x.x 255.255.0.0 log

access-list ipsec_from_ftw permit ip x.x.x.x 255.255.0.0 x.x.x.x 255.255.0.0 log

access-list no_nat permit ip x.x.x.x 255.0.0.0 x.x.x.x 255.0.0.0

access-list inside_access_in permit tcp x.x.x.x 255.255.0.0 any

access-list inside_access_in permit udp any any

access-list inside_access_in permit tcp any any

access-list intranet_access_in permit tcp x.x.x.x 255.255.255.0 x.x.x.x 255.255.0.0 log

access-list intranet_access_in remark -- vpn rules

access-list intranet_access_in permit tcp x.x.x.x 255.255.255.0 x.x.x.x 255.255.0.0 eq xx log

access-list intranet_access_in permit tcp x.x.x.x 255.255.255.0 x.x.x.x 255.255.0.0 eq xx log

Do you need to see my cryptomaps? What part of the config do you need to see how the inside is configured? Thanks!!
