I have users utilizing a VPN 3000, trying to route through a PIX 515 firewall to get to our network. They can authenticate to the Concentrator, but not get through to our network. On the PIX, I have ethernet2 labeled VPN and ethernet3 labeled DMZ. I think there's something missing in the translation. This was someone else's project and I have it now. The PIX is configured with IPs, and some access-list statements, and that's about it. I've attached a simple little diagram, if it helps. Any assistance would be greatly appreciated. Thank you in advance.
This acl line is allowing traffic from source network of 172.16.0.0/24 to a destination network of 10.0.16.0/24.
I am assuming this acl is applied to the interface to which the VPN concentrator is connected. Is there another acl tied to the other interface that allows the return traffic? Has this ever worked before or is this a new project? Which interface has a higher security number level?
I'm going to start from scratch and not pay attention to the previous posts. I'm assuming that you want to pass the traffic from the 172.16.0.0/24 network to the 10.0.16.0/24 network without having to hide the 10.0.16.0 addresses from the 172.16.0.0 vpn hosts.
The following requirements are needed: an ACL incoming on the DMZ interface, a NAT statement telling the 10.0.16.0 network not to change its address to the DMZ, and, if there is an ACL on the inside interface, to permit traffic to the DMZ.
Specific commands to use:
! This gives the dmz unaltered access to the 10.0.16.0 network
static (inside,dmz) 10.0.16.0 10.0.16.0 netmask 255.255.255.0
! This line allows the VPN DMZ devices to initiate connections to the 10.0.16 servers
access-list DMZ_IN permit ip 172.16.0.0 255.255.255.0 10.0.16.0 255.255.255.0
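A quick way to check a saved PIX configuration for the pieces listed in the reply above, as an added example that is not part of the original thread. The function name `audit`, the sample configuration, and the `access-group` line in it are assumptions constructed for illustration; only `permit ip <net> <mask> <net> <mask>` entries are understood, and the optional inside-interface ACL is not checked.

```python
import ipaddress
import re

# Constructed sample config; interface names follow the reply (inside, dmz).
SAMPLE = """\
static (inside,dmz) 10.0.16.0 10.0.16.0 netmask 255.255.255.0
access-list DMZ_IN permit ip 172.16.0.0 255.255.255.0 10.0.16.0 255.255.255.0
access-group DMZ_IN in interface dmz
"""

def covers(target, addr, mask):
    """True if addr/mask is a valid network that contains target."""
    try:
        return target.subnet_of(ipaddress.ip_network(f"{addr}/{mask}"))
    except (ValueError, TypeError):
        return False  # 'host', 'any', or malformed values are not handled

def audit(config, src, dst, low_if="dmz", high_if="inside"):
    """Return the missing pieces for src -> dst entering on low_if."""
    src, dst = ipaddress.ip_network(src), ipaddress.ip_network(dst)
    identity_static = False
    permitting, bound = set(), set()
    for line in config.splitlines():
        line = line.split("!")[0].strip()  # drop comments
        m = re.match(r"static \((\w+),\s*(\w+)\) (\S+) (\S+) netmask (\S+)$", line)
        # Identity static: mapped address equals real address, so no translation.
        if m and (m[1], m[2]) == (high_if, low_if) and m[3] == m[4]:
            identity_static |= covers(dst, m[3], m[5])
        m = re.match(r"access-list (\S+) permit ip (\S+) (\S+) (\S+) (\S+)$", line)
        if m and covers(src, m[2], m[3]) and covers(dst, m[4], m[5]):
            permitting.add(m[1])
        m = re.match(r"access-group (\S+) in interface (\w+)$", line)
        if m and m[2] == low_if:
            bound.add(m[1])  # ACL actually applied inbound on low_if
    missing = []
    if not identity_static:
        missing.append("identity static")
    if not permitting:
        missing.append("acl permit")
    elif not permitting & bound:
        missing.append("access-group binding")
    return missing

if __name__ == "__main__":
    print(audit(SAMPLE, "172.16.0.0/24", "10.0.16.0/24") or "all pieces present")
```

An ACL that is defined but never bound to the interface with `access-group` is reported separately, since it has no effect on traffic.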