02-06-2006 10:12 AM - edited 02-21-2020 02:14 PM
Hi,
I have set up a Cisco VPN client, and it connects fine. However, I cannot browse to the local server, or ping it either once connected. I have set up an RDP through the firewall and that part works fine. I am including the sh route info plus the config. What am I missing?
Thanks - Wayne
Result of firewall command: "sh route"
outside 0.0.0.0 0.0.0.0 1.1.1.2 1 OTHER static
inside 10.0.0.0 255.255.255.0 10.0.0.1 1 CONNECT static
inside 10.0.0.103 255.255.255.255 10.0.0.1 1 OTHER static
outside 1.1.1.1 255.255.255.248 1.1.1.2 1 CONNECT static
PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
names
access-list acl_out permit tcp any any eq 3389
access-list inside_outbound_nat0_acl permit ip any 10.0.0.192 255.255.255.224
access-list outside_cryptomap_dyn_20 permit ip any 10.0.0.192 255.255.255.224
ip address outside 1.1.1.1 255.255.255.248
ip address inside 10.0.0.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool pool1 10.0.0.200-10.0.0.210
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface 3389 10.0.0.103 3389 netmask 255.255.255.255 0 0
access-group acl_out in interface outside
route outside 0.0.0.0 0.0.0.0 1.1.1.2 1
route inside 10.0.0.103 255.255.255.255 10.0.0.1 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
isakmp enable outside
isakmp nat-traversal 20
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup paisleyvpn address-pool pool1
vpngroup paisleyvpn dns-server 208.39.158.2 64.56.37.246
vpngroup paisleyvpn idle-time 1800
vpngroup paisleyvpn password ********
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 10.0.0.104-10.0.0.150 inside
dhcpd dns 208.39.158.2 64.56.37.249
dhcpd lease 86400
dhcpd ping_timeout 750
dhcpd enable inside
02-07-2006 10:47 AM
Hello,
Try changing your access-lists as follows:
access-list inside_outbound_nat0_acl permit ip 10.0.0.0 255.255.255.0 10.0.0.192 255.255.255.224
access-list outside_cryptomap_dyn_20 permit ip 10.0.0.0 255.255.255.0 10.0.0.192 255.255.255.224
Patrick
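A consistency check for the access-lists discussed in this thread, added here as an example that is not part of either post: it parses the relevant lines and reports whether the ACLs referenced by nat 0 and by the crypto map name the inside network as their source and cover the whole pool1 range as their destination. The config lines are copied from the thread; the function names take and audit are hypothetical.

```python
import ipaddress

# Lines copied from the configuration posted in the question.
POSTED = """\
access-list inside_outbound_nat0_acl permit ip any 10.0.0.192 255.255.255.224
access-list outside_cryptomap_dyn_20 permit ip any 10.0.0.192 255.255.255.224
ip address inside 10.0.0.1 255.255.255.0
ip local pool pool1 10.0.0.200-10.0.0.210
nat (inside) 0 access-list inside_outbound_nat0_acl
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
"""
# The same lines with the two access-lists from the reply swapped in.
SUGGESTED = POSTED.replace("permit ip any", "permit ip 10.0.0.0 255.255.255.0")


def take(tokens):
    """Consume 'any' or 'addr mask' from the token list; return (network, rest)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False), tokens[2:]


def audit(config):
    """Return findings for the ACLs used by 'nat 0' and the crypto map."""
    acls, used, pool, inside = {}, [], None, None
    for tok in (line.split() for line in config.splitlines() if line.strip()):
        if tok[:1] == ["access-list"] and tok[2:4] == ["permit", "ip"]:
            src, rest = take(tok[4:])
            dst, _ = take(rest)
            acls.setdefault(tok[1], []).append((src, dst))
        elif tok[:3] == ["ip", "address", "inside"]:
            inside, _ = take(tok[3:])  # host address + mask -> inside subnet
        elif tok[:3] == ["ip", "local", "pool"]:
            pool = [ipaddress.ip_address(a) for a in tok[4].split("-")]
        elif tok[:3] == ["nat", "(inside)", "0"] or tok[-3:-1] == ["match", "address"]:
            used.append(tok[-1])  # ACL named by 'nat 0' or by the crypto map
    findings = []
    for name in used:
        for src, dst in acls.get(name, []):
            if src != inside:
                findings.append(f"{name}: source {src} is not the inside network {inside}")
            if not all(ip in dst for ip in pool):
                findings.append(f"{name}: pool {pool[0]}-{pool[1]} not inside {dst}")
    return findings


if __name__ == "__main__":
    print({"posted": audit(POSTED), "suggested": audit(SUGGESTED)})
```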