Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

PIX 501

Hello everybody

I have PIX 501 conected a modem where i configured a vpn, I created a vpngroup and I give all the permission, I can connect across the vpn but my problem is that I can't to ping the pix and inside network.

I used the command split tunneling and nonat for the VPN's ip.

Regards,

1 ACCEPTED SOLUTION

Accepted Solutions

Re: PIX 501

Please do the following:

1) Try to enable NAT-T

isakmp nat-traversal

2) Try to change your split-tunnel ACL from extended to standard.

Regards

Farrukh

5 REPLIES

Re: PIX 501

if the software before version 7

try to make fixup icmp

if 7 or above

make the inspect icmp icmp

inspect icmp error

under the global_inspection rule

also add ACLs to allow the icmp between VPN IPS and whatever u want

Rate if helpful

Re: PIX 501

Is traffic besides ICMP working? If it is, enable ICMP inspection.

Else check the routing, crypto ACLs, split tunnel configs/routers, NAT exemption etc.

Regards

Farrukh

Community Member

Re: PIX 501

Hi again, thanks for you help friends, I enabled the fixup snmp error, but I still can't connect to inside network, I attached the sho ver and the sho run, I am connect with the pix through PDM. (El pix even can't to ping the remote site)

Thanks a lot (sorry for my english).

Regards,

Community Member

Re: PIX 501

I forgot load the file.

Sorry

Re: PIX 501

Please do the following:

1) Try to enable NAT-T

isakmp nat-traversal

2) Try to change your split-tunnel ACL from extended to standard.

Regards

Farrukh

157
Views
0
Helpful
5
Replies
CreatePlease to create content