Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Ping Static device behind Pix

I have a site to site VPN set up. On the remote end is a Pix 501 3DES 10 user.

Inside address is 10.25.99.1 and it is running dhcp for 10.25.99.10 thru 10.25.99.19.

I only have 3 users behind that device. I have a network attached printer that is at 10.25.99.20 and it is not reachable from anywhere except the local lan that has the Pix on it. This limitation should be easy to overcome but I haven't found the solution yet..... any ideas?

2 REPLIES

Re: Ping Static device behind Pix

I’m not a PIX expert but here is my suggestion. Be sure you aren’t trying to run NAT through your IPSec tunnel and that you are able to send data back and forth between the subnets. You should be able to accomplish this by adding a couple of NAT statements and a simple access-list to route between the networks. See example:

Location #1

nat (inside) 0 access-list 100

nat (inside) 1 192.168.1.0 255.255.255.0 0 0

access-list 100 permit ip 192.168.1.0 255.255.0.0 10.25.99.0 255.255.0.0

Location #2

nat (inside) 0 access-list 100

nat (inside) 1 10.25.99.0 255.255.255.0 0 0

access-list 100 permit ip 10.25.99.0 255.255.255.0 192.168.1.0 255.255.255.0

New Member

Re: Ping Static device behind Pix

That is exactly how I am set up. The only pingable addresses behind the pix 501 are the pc's that lease an address from the pix over dhcp. PC's on that subnet can ping everything inside the subnet, static or otherwise.

79
Views
0
Helpful
2
Replies
CreatePlease login to create content