Cisco Support Community

Establish a VPN and Get an IP, but no traffic to inside allowed

Hello all, I have a PIX 506 with 6.3.4 and I terminate an IPsec-based VPN on it. I get an IP address when I establish the VPN, but I cannot ping or communicate with anything on the internal network. I know I am missing something simple, but I just can't seem to find it. Your help is appreciated. My config is below.

PIX Version 6.3(4)

interface ethernet0 auto

interface ethernet1 auto

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password XXXXXXXXXX

passwd XXXXXXXXXRRRRR encrypted

hostname business


access-list out_in permit tcp any any eq 995

access-list split_tunnel permit ip

access-list nonat permit ip

pager lines 24

logging monitor debugging

mtu outside 1500

mtu inside 1500

ip address outside

ip address inside

ip audit info action alarm

ip audit attack action alarm

ip local pool ippool

pdm logging informational 100

pdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 0 access-list nonat

nat (inside) 1 0 0

static (inside,outside) tcp interface smtp smtp netmask 0 0

static (inside,outside) tcp interface 3389 3389 netmask 0 0

static (inside,outside) tcp interface https https netmask 0 0

static (inside,outside) tcp interface 995 995 netmask 0 0

static (inside,outside) tcp interface 3390 3389 netmask 0 0

access-group out_in in interface outside

route outside 1

timeout xlate 0:05:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

aaa-server w2k3 protocol radius

aaa-server w2k3 max-failed-attempts 3

aaa-server w2k3 deadtime 10

aaa-server w2k3 (inside) host radkey timeout 10

floodguard enable

sysopt connection permit-ipsec

crypto ipsec transform-set ESP-AES-192 esp-aes-192 esp-sha-hmac

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto dynamic-map dynmap 10 set transform-set ESP-3DES-SHA

crypto map mymap 10 ipsec-isakmp dynamic dynmap

crypto map mymap client authentication w2k3

crypto map mymap interface outside

isakmp enable outside

isakmp identity address

isakmp keepalive 10

isakmp nat-traversal 20

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash sha

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

isakmp policy 20 authentication pre-share

isakmp policy 20 encryption aes-256

isakmp policy 20 hash sha

isakmp policy 20 group 2

isakmp policy 20 lifetime 86400

isakmp policy 30 authentication pre-share

isakmp policy 30 encryption des

isakmp policy 30 hash sha

isakmp policy 30 group 1

isakmp policy 30 lifetime 86400

vpngroup business address-pool ippool

vpngroup business dns-server

vpngroup business default-domain business.local

vpngroup business split-tunnel split_tunnel

vpngroup business split-dns business.local

vpngroup business idle-time 1600

vpngroup business password ********

telnet inside

telnet timeout 5

management-access inside


Re: Establish a VPN and Get an IP, but no traffic to inside allo

Try applying these commands:

crypto map mymap client configuration address initiate

crypto map mymap client configuration address respond
