Hello,
I have a PIX running 6.3(3).
I've made a Client->PIX VPN setup using the Wizard via PDM, and everything adds correctly.
Once everything is added there is one rule for the dynamic crypto map (80).
The rule basically says that the newly added IP pool that resides on the PIX can access any host on the inside network using IP.
I've changed the rule so instead of 'any' it can only access host 'x.x.x.150'.
I save to flash and try out the VPN: no authentication problems, I get an IP OK, but I can contact any host via ICMP.
When the user is connected via the VPN, if I do a 'show access-list' on the CLI I notice there is a rule that doesn't show in PDM:
access-list dynacl173 line 1 permit any host 192.168.254.21 (hitcnt=11)
.21 is the first usable IP in the pool I've created for this VPN.
Once the user has disconnected, the rule disappears from 'show access-list' and is never to be seen again, until the user reconnects.
What am I doing wrong?