cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
289
Views
0
Helpful
2
Replies

Pix 506e. Is this possible?

mkerklaan
Level 1
Level 1

Hi,

Im trying to find a solution for the following:

we are running a Pix 506e.

Users connect from the outside to it using pptp vpn.

From the inside users are using cisco vpn-client to a cisco vpn concentrator. Can i let the pix make this connection.

I tried setting up easyvpn but it tells me i need to remote "nat 0 "

If i do this my internet doesn't work anymore.

I am confused..

Any help is appriciated

Marco

2 Replies 2

spremkumar
Level 9
Level 9

Hi

you can define 2 NAT statements leaving the VPN traffic remain the same (unnated) and the other traffic to get natted..

nat (inside) 0 access-list 101

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

access-list 101 permit ip 1.1.1.0 255.255.255.0 2.2.2.0 255.255.255.0

Where 1.1.1.0/24 is ur local inside address space and 2.2.2.0/24 which u use as a pool for the vpn clients..

regds

Hi,

thanks for your reply. But thats allready in my config. Following is the exact message when i try to enable the easyvpn:

[ERR]vpnclient enable

* Remove "nat (inside) 0 inside_outbound_nat0_acl"

CONFIG CLASH: Configuration that would prevent successful PIX Easy VPN Remote

operation has been detected, and is listed above. Please resolve the

above configuration clashes and re-enable.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: