Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
328
Views
0
Helpful
2
Replies

IPSec & PIX with clients

rgrcommo
Level 1
Level 1

‎05-03-2002 10:05 AM - edited ‎02-21-2020 11:43 AM

I am having trouble with a client behind a PIX. I want the client to be able to access any outside address (the internet) The trickey part is the PIX is just setup right now for IPsec. I have PC's on the outside using VPN3000 client software that need to access this client behind the PIX. The MAIN priblem is I want the client behind the PIX to be able to also access any PC on the outside with out using IPsec(the NET). For some reason I can't get the client to be able to access any hosts on the Outside itnerface. The IPsec works fine however, I believe this is a access list issue I have tried everyting.. Anybody now how to do this..?

thanks!

Labels:
0 Helpful
2 Replies 2

Philip D'Ath
VIP Alumni
VIP Alumni

‎05-04-2002 03:08 PM

Could you post config?

0 Helpful

rgrcommo
Level 1
Level 1
In response to Philip D'Ath

‎05-05-2002 06:08 AM

The IPs are not excatly the same; I am looking for syntax mostly.. thanks for the help!

Here is the dump of the PIX:

PIX Version 6.1(2)

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password 8Ry2YjIyt7RRXU24 encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

hostname pixfirewall

fixup protocol ftp 21

fixup protocol http 80

fixup protocol h323 1720

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol sip 5060

fixup protocol skinny 2000

names

access-list 101 permit ip 192.168.30.0 255.255.255.0 10.10.5.0 255.255.255.0

access-list 101 permit icmp any any

pager lines 24

logging on

logging console debugging

logging monitor debugging

logging buffered debugging

logging trap debugging

logging history debugging

interface ethernet0 10baset

interface ethernet1 10full

mtu outside 1500

mtu inside 1500

ip address outside 192.168.10.1 255.255.255.248

ip address inside 192.168.30.1 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

ip local pool xyzpool 10.10.5.1-10.10.5.254

pdm history enable

arp timeout 14400

global (outside) 1 192.168.10.40

nat (inside) 0 access-list 101

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

static (inside,outside) 192.168.10.1 192.168.30.1 netmask 255.255.255.255 0 0

static (inside,outside) 192.168.10.20 192.168.30.10 netmask 255.255.255.255 0 0

access-group 101 in interface outside

route outside 0.0.0.0 0.0.0.0 192.168.10.5 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

no floodguard enable

sysopt connection permit-ipsec

no sysopt route dnat

crypto ipsec transform-set xyzset esp-des esp-md5-hmac

crypto dynamic-map dynmap 10 set transform-set xyzset

crypto map xyzmap 10 ipsec-isakmp dynamic dynmap

crypto map xyzmap interface outside

isakmp enable outside

isakmp identity address

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

vpngroup xyz address-pool xyzpool

vpngroup xyz split-tunnel 101

vpngroup xyz idle-time 1800

vpngroup xyz password ********

telnet timeout 5

ssh timeout 5

terminal width 80

---End

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents