Cisco Support Community
Community Member

I Get Into the PIX but Then I Can't Go Anywhere

All,

I have a PIX 501 and I have it in my network. I VPN into the PIX fine, but once in I can't access anything or browse the internet. The only thing I can ping is the outside interface once I am connected. I have posted my config below. Can someone check it out and let me know what they see? I have also attached it.

-----------------------------------------

PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password
hostname MYPIX
domain-name ciscopix.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list 102 permit ip 10.43.15.0 255.255.255.0 10.10.8.0 255.255.255.0
access-list 102 permit ip 165.10.40.0 255.255.255.0 10.43.15.0 255.255.255.0
pager lines 24
logging on
logging console notifications
mtu outside 1500
mtu inside 1500
ip address outside 206.66.58.2 255.255.255.0
ip address inside 10.43.15.2 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool vpnpool1 10.10.8.100-10.10.8.200 mask 255.255.255.0
ip local pool vpnpool2 10.43.15.225-10.43.15.238 mask 255.255.255.0
pdm location 10.10.10.0 255.255.255.0 inside
pdm location 10.10.11.0 255.255.255.0 inside
pdm location 10.43.15.0 255.255.255.0 outside
pdm location 10.10.8.0 255.255.255.0 outside
pdm location 165.10.40.0 255.255.255.0 inside
pdm location 0.0.0.0 255.255.255.0 inside
pdm location 10.43.15.224 255.255.255.255 outside
pdm location 165.10.30.0 255.255.255.255 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list 102
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route inside 0.0.0.0 255.255.255.0 10.43.15.254 1
route outside 0.0.0.0 0.0.0.0 206.66.58.2 1
route outside 10.43.15.224 255.255.255.255 206.66.58.2 1
route inside 165.10.30.0 255.255.255.255 10.43.15.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:30:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 10.43.15.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community BOB
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set trmset1 esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map map2 10 set transform-set trmset1
crypto dynamic-map map2 30 set transform-set ESP-3DES-MD5
crypto map map1 10 ipsec-isakmp dynamic map2
crypto map map1 interface outside
isakmp enable outside
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes-256
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp policy 30 authentication pre-share
isakmp policy 30 encryption 3des
isakmp policy 30 hash md5
isakmp policy 30 group 2
isakmp policy 30 lifetime 86400
vpngroup MANAGEMENT address-pool vpnpool2
vpngroup MANAGEMENT dns-server 165.10.40.100 165.10.40.99
vpngroup MANAGEMENT default-domain help.com
vpngroup MANAGEMENT idle-time 1800
vpngroup MANAGEMENT password @#$$%^^
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd lease 3600
dhcpd ping_timeout 750
terminal width 80
: end

2 REPLIES
Gold

Re: I Get Into the PIX but Then I Can't Go Anywhere

Enable (in config mode)

isakmp nat-traversal

HTH

Community Member

Re: I Get Into the PIX but Then I Can't Go Anywhere

I entered the command but to no avail. I am unsure as to what is stopping me from accessing my resources. I still can't ping anything on my network when I VPN into the PIX. Could my static routes be the culprit?
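
The last reply asks whether the static routes could be involved. As an added example (not part of the thread and not a Cisco tool), this Python script parses the address, pool and route lines copied from the posted config and lists the ones that are inconsistent with the interface addressing. The `audit` function and its finding texts are this example's own names, and a finding marks a line to review rather than a confirmed cause.

```python
import ipaddress

# Lines copied from the configuration posted above (addresses, pools, routes only).
CONFIG = """\
ip address outside 206.66.58.2 255.255.255.0
ip address inside 10.43.15.2 255.255.255.0
ip local pool vpnpool1 10.10.8.100-10.10.8.200 mask 255.255.255.0
ip local pool vpnpool2 10.43.15.225-10.43.15.238 mask 255.255.255.0
route inside 0.0.0.0 255.255.255.0 10.43.15.254 1
route outside 0.0.0.0 0.0.0.0 206.66.58.2 1
route outside 10.43.15.224 255.255.255.255 206.66.58.2 1
route inside 165.10.30.0 255.255.255.255 10.43.15.254 1
vpngroup MANAGEMENT address-pool vpnpool2
"""

def audit(config):
    """Return (config line, finding) pairs for static routes and in-use VPN pools."""
    rows = [line.split() for line in config.splitlines() if line.strip()]
    # Interface name -> address/mask, from "ip address <if> <ip> <mask>".
    ifaces = {w[2]: ipaddress.ip_interface(f"{w[3]}/{w[4]}")
              for w in rows if w[:2] == ["ip", "address"]}
    # Pool name -> (first, last), from "ip local pool <name> <first>-<last> ...".
    pools = {w[3]: tuple(map(ipaddress.ip_address, w[4].split("-")))
             for w in rows if w[:3] == ["ip", "local", "pool"]}
    findings = []
    for w in rows:
        text = " ".join(w)
        if w[0] == "route":
            ifname, dest, mask, hop = w[1], w[2], w[3], ipaddress.ip_address(w[4])
            if hop == ifaces[ifname].ip:
                findings.append((text, "next hop is the firewall's own address"))
            elif hop not in ifaces[ifname].network:
                findings.append((text, "next hop is off the interface subnet"))
            if dest == "0.0.0.0" and mask != "0.0.0.0":
                findings.append((text, "0.0.0.0 with a non-zero mask is not a default route"))
            for other, addr in ifaces.items():
                if other != ifname and ipaddress.ip_address(dest) in addr.network:
                    findings.append((text, f"destination is inside the {other} subnet"))
        elif w[0] == "vpngroup" and w[2] == "address-pool":
            first, last = pools[w[3]]
            for name, addr in ifaces.items():
                if first in addr.network or last in addr.network:
                    findings.append((text, f"pool {w[3]} overlaps the {name} subnet"))
    return findings

if __name__ == "__main__":
    for line, finding in audit(CONFIG):
        print(f"{finding}: {line}")
```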
