I have configured a site-to-site VPN on the PIX. Due to the fact that our customer does not route any private IPs, I am sending the VPN traffic through a NATed IP (i.e. 22.214.171.124). Also, the remote IP which I am accessing through the VPN is a public IP (e.g. 126.96.36.199). So the moment I enable internet on my PC, the entire traffic for the server 188.8.131.52 goes through the internet instead of the VPN tunnel.
access-list NET1 permit ip host 172.25.173.139 any
nat (inside) 10 access-list NET1 0 0
global (outside) 10 184.108.40.206
1) But the customer wants to run VPN as well as internet on the Local LAN PCs. For the time being I am not running internet on the PCs which are accessing VPN based application. So is there a solution to it?
2) I could ping the IP 220.127.116.11 from the PIX. But when I tried to ping the IP from my PC, it's not pinging. To be on the safe side I have enabled "conduit permit icmp any any" on the PIX. But still it's not working. The remote peer has enabled ICMP from their end. So do you have any solution to this question as well?
Also I am attaching the pix config for your kind reference.
The Firewall Stateful Inspection of ICMP feature addresses the limitation of qualifying Internet Control Management Protocol (ICMP) messages into either a malicious or benign category by allowing the Cisco IOS firewall to use stateful inspection to "trust" ICMP messages that are generated within a private network and to permit the associated ICMP replies. Thus, network administrators can debug network issues by using ICMP without concern that possible intruders may enter the network.
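A minimal model of the stateful ICMP inspection described above, as an added example (not Cisco's implementation and not part of the original thread). It shows why a reply is forwarded only when an inside host sent the matching request. The `/24` inside network, the peer address, the 10-second timeout and all packet dictionaries are constructed assumptions.

```python
import ipaddress

INSIDE = ipaddress.ip_network("172.25.173.0/24")  # assumed inside network
ECHO_REPLY, DEST_UNREACH, ECHO_REQUEST, TIME_EXCEEDED = 0, 3, 8, 11
IDLE_TIMEOUT = 10.0  # seconds a session waits for its reply (assumed value)


class IcmpInspector:
    """Toy stateful ICMP filter: replies pass only if an inside host asked."""

    def __init__(self):
        self.sessions = {}  # (inside_ip, outside_ip, icmp_id, seq) -> expiry

    def _from_inside(self, pkt):
        return ipaddress.ip_address(pkt["src"]) in INSIDE

    def check(self, pkt, now):
        """Return True to forward the packet, False to drop it."""
        # Expire stale sessions so old state cannot be reused later.
        self.sessions = {k: t for k, t in self.sessions.items() if t > now}
        if self._from_inside(pkt):
            if pkt["type"] == ECHO_REQUEST:
                key = (pkt["src"], pkt["dst"], pkt["id"], pkt["seq"])
                self.sessions[key] = now + IDLE_TIMEOUT
            return True  # inside-originated ICMP is trusted
        if pkt["type"] == ECHO_REPLY:
            key = (pkt["dst"], pkt["src"], pkt["id"], pkt["seq"])
            # pop(): one reply per request, so a replayed reply is dropped
            return self.sessions.pop(key, None) is not None
        if pkt["type"] in (DEST_UNREACH, TIME_EXCEEDED):
            # Errors quote the original request; any router on the path
            # may send them, so match on the quoted header, not the sender.
            o = pkt["orig"]
            key = (o["src"], o["dst"], o["id"], o["seq"])
            return self.sessions.pop(key, None) is not None
        return False  # everything else from outside is unsolicited


def demo():
    fw = IcmpInspector()
    pc, peer = "172.25.173.139", "198.51.100.7"  # peer address is constructed
    req = {"src": pc, "dst": peer, "type": ECHO_REQUEST, "id": 1, "seq": 1}
    rep = {"src": peer, "dst": pc, "type": ECHO_REPLY, "id": 1, "seq": 1}
    results = [fw.check(req, 0.0), fw.check(rep, 0.5), fw.check(rep, 0.6)]
    fw.check(dict(req, seq=2), 1.0)
    results.append(fw.check(dict(rep, seq=2), 20.0))  # arrives after timeout
    return results
```

`demo()` returns one forward/drop decision each for the request, its reply, a replayed reply, and a reply that arrives after the session has expired.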
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log in using the username and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...