Problem with PIX 500

toniogeorge
Level 1

I have a PIX 500 firewall box.

I have a system on the DMZ whose IP is 10.40.1.16; there is a web server running on it.

Whenever VPN users connect to the VPN, they are unable to access this system. But the moment they disconnect from the VPN they are able to connect, because it is routed with a public IP. I want VPN users to access this system without disconnecting from the VPN (I mean after they connect to the VPN). The VPN IP is 10.255.1.0.

I added an access list as given below:

access-list bastion permit ip 10.255.1.0 255.0.0.0 host 10.40.1.16

access-list bastion permit ip 10.40.1.16 host 10.255.1.0

But when I add this list "access-list bastion permit ip 10.255.1.0 255.0.0.0 host 10.40.1.16" I receive an error message:

access-list nonat permit ip 10.255.1.0 255.255.0.0 10.40.1.16 255.255.0.0

ERROR: Global address,mask <10.255.1.0,255.255.0.0> doesn't pair

Type help or '?' for a list of available commands.

Can someone help me to rectify this problem?

Regards

Tonio

1 Reply

Kureli Sankar
Cisco Employee

It appears you are trying a wildcard mask instead of the regular mask.

access-list bastion permit ip 10.255.1.0 255.255.255.0 host 10.40.1.16

Try the above.

-KS
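
Added example, not part of the original thread and not Cisco code: a Python check of the address/mask pairing that the error message reports, run over the ACL lines quoted in the thread. It assumes a pair is valid when the address has no bits set outside the netmask; the function names are hypothetical.

```python
import ipaddress

def to_int(token):
    """Return the token as a 32-bit integer, or None if it is not dotted-quad IPv4."""
    try:
        return int(ipaddress.IPv4Address(token))
    except ValueError:
        return None

def unpaired(line):
    """List (address, mask, network) for every address/mask pair in an ACL line
    whose address has bits set outside the mask (assumed meaning of "doesn't pair")."""
    tokens = line.split()
    problems = []
    i = 0
    while i < len(tokens):
        if tokens[i] == "host":          # "host a.b.c.d" carries no mask
            i += 2
            continue
        addr = to_int(tokens[i])
        mask = to_int(tokens[i + 1]) if i + 1 < len(tokens) else None
        if addr is None or mask is None:  # keyword, or an address with no mask after it
            i += 1
            continue
        if addr & mask != addr:
            network = str(ipaddress.IPv4Address(addr & mask))
            problems.append((tokens[i], tokens[i + 1], network))
        i += 2
    return problems

# ACL lines quoted from the thread above
THREAD_LINES = [
    "access-list bastion permit ip 10.255.1.0 255.0.0.0 host 10.40.1.16",
    "access-list nonat permit ip 10.255.1.0 255.255.0.0 10.40.1.16 255.255.0.0",
    "access-list bastion permit ip 10.255.1.0 255.255.255.0 host 10.40.1.16",
]

if __name__ == "__main__":
    for line in THREAD_LINES:
        issues = unpaired(line)
        print("OK  " if not issues else "BAD ", line)
        for addr, mask, network in issues:
            print(f"     {addr} {mask}: network for this mask is {network}")
```

Only the line from the reply passes; in the other two, the mask is shorter than the address written next to it.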
