Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Someone has got to know this!!!

PIX 501---

I have hosts (6) of them right off the inside interface, I got one host that has an ip of 192.168.30.10 I want this host to be able to reach the outside i.e. internet.

I also have clients on the outside who access the 192.168.30.10 via Cisco VPN client 3000 - This works fine.. The outside can access the hosts inside fine via VPN Cisco client3000.

NOW.. I can not from the hosts inside (192.168.30.10) access the internet - how do I do this??? I have tried everything.. the nat (inside) 1 0.0.0.0 0.0.0.0 the global cmd but the inside host still can not get outside.

When I do a debug packet ouside it looks as if the packets are encrypted..

anybody know how to make this work??

-jeff

2 REPLIES
New Member

Re: Someone has got to know this!!!

It difficult to say without atleast seeing part of your config. Could you paste the relevant bit so that we analyze it i.e the global cmd used, any outbound filter used, default routes etc. Otherwise we'll be suggesting things that you might have already done - it will safe you time.

New Member

Re: Someone has got to know this!!!

You have an ACL associated with the IPSEC tunnel, like below:

access-list IPSec34 deny IP HOST 192.168.30.10 any

access-list IPSec34 permit ip any {to Cisco VPN 3000 address}

crypto map mymap 34 ipsec-isakmp

crypto map mymap 34 match address IPSec34

crypto map mymap 34 set peer {Cisco VPN 3000 address}

crypto map mymap 34 set transform-set myTransform

As you see we exclude traffic from your host from being pulled into the tunnel.

99
Views
0
Helpful
2
Replies