03-12-2004 09:16 AM - edited 02-20-2020 11:17 PM
I've had this problem once before, but I'm unsure of what's happening exactly. All I know is that I cannot access the internet. Though oddly enough it seems my site-to-site VPN is working (though I cannot ping). Another thing I should add is that the 123.44.67.0 network is not an internet network. It's the local network here. (I didn't set up the scheme, I just know it's impossible to change in the near future.)
Please help me out here. I'm so confused and I'm sure all I'm doing is confusing matters more.
Here's a copy of my config:
names
name 123.44.67.0 Toledo
name 123.44.67.206 misys
access-list outside_access_in permit icmp any any
access-list inside_outbound_nat0_acl permit ip 192.168.1.0 255.255.255.0 Toledo 255.255.255.0
access-list outside_cryptomap_20 permit ip 192.168.1.0 255.255.255.0 Toledo 255.255.255.0
access-list acl_out permit icmp any any
access-list nonat_vpn permit ip any 192.168.1.0 255.255.255.0
access-list nonat_vpn permit ip host misys host 192.168.1.2
access-list nonat_vpn permit ip host misys host 192.168.1.32
access-list nonat_vpn permit ip host misys host 192.168.1.3
pager lines 24
icmp permit any outside
icmp permit any inside
icmp permit any echo-reply inside
icmp permit any traceroute inside
mtu outside 1500
mtu inside 1500
ip address outside 69.3.45.* 255.255.255.248
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location Toledo 255.255.255.0 outside
pdm location misys 255.255.255.255 outside
pdm location 192.168.1.0 255.255.255.0 outside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 69.3.45.*
nat (inside) 0 access-list nonat_vpn
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group outside_access_in in interface outside
rip inside passive version 1
rip inside default version 1
route outside 0.0.0.0 0.0.0.0 69.3.45.* 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
aaa authentication ssh console LOCAL
aaa authorization command LOCAL
http server enable
http 0.0.0.0 0.0.0.0 outside
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set peer 68.76.6.185
crypto map outside_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map interface outside
isakmp enable outside
isakmp key ******** address 68.76.6.* netmask 255.255.255.255 no-xauth no-config-mode
isakmp nat-traversal 20
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 15
console timeout 0
dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd dns 64.105.179.138 64.105.189.26
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
03-12-2004 11:05 PM
There isn't really enough information to determine the problem. If you get a sniffer trace outside the PIX, are packets from the inside going outbound? Does the router on the outside of the PIX show the correct arp entry for the global address and the PIX outside interface address?