Cisco Support Community
Community Member

I Get Into the PIX but Then I Can't Go Anywhere


I have a PIX 501 and I have it in my network. I VPN into the PIX fine, but once in I can't access anything or browse the internet. The only thing I can ping is the outside interface once I am connected. I have posted my config below. Can someone check it out and let me know what they see? I have also attached it.


PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password
hostname MYPIX

fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69

access-list 102 permit ip
access-list 102 permit ip
pager lines 24
logging on
logging console notifications
mtu outside 1500
mtu inside 1500
ip address outside
ip address inside
ip audit info action alarm
ip audit attack action alarm
ip local pool vpnpool1 mask
ip local pool vpnpool2 mask
pdm location inside
pdm location inside
pdm location outside
pdm location outside
pdm location inside
pdm location inside
pdm location outside
pdm location inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list 102
nat (inside) 1 0 0
route inside 1
route outside 1
route outside 1
route inside 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:30:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http inside
no snmp-server location
no snmp-server contact
snmp-server community BOB
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set trmset1 esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map map2 10 set transform-set trmset1
crypto dynamic-map map2 30 set transform-set ESP-3DES-MD5
crypto map map1 10 ipsec-isakmp dynamic map2
crypto map map1 interface outside
isakmp enable outside
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes-256
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp policy 30 authentication pre-share
isakmp policy 30 encryption 3des
isakmp policy 30 hash md5
isakmp policy 30 group 2
isakmp policy 30 lifetime 86400
vpngroup MANAGEMENT address-pool vpnpool2
vpngroup MANAGEMENT dns-server
vpngroup MANAGEMENT default-domain
vpngroup MANAGEMENT idle-time 1800
vpngroup MANAGEMENT password @#$$%^^
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd lease 3600
dhcpd ping_timeout 750
terminal width 80
: end


Re: I Get Into the PIX but Then I Can't Go Anywhere

Enable (in config mode)

isakmp nat-traversal


Community Member

Re: I Get Into the PIX but Then I Can't Go Anywhere

I entered the command but to no avail. I am unsure as to what is stopping me from accessing my resources. I still can't ping anything on my network when I VPN into the PIX. Could my static routes be the culprit?
