Unable to reach internal server using VPN

xtech
Level 1

Hi,

I have set up a Cisco VPN client, and it connects fine. However, I cannot browse to the local server, or ping it either, once connected. I have set up an RDP through the firewall and that part works fine. I am including the sh route info plus the config. What am I missing?

Thanks - Wayne

Result of firewall command: "sh route"

outside 0.0.0.0 0.0.0.0 1.1.1.2 1 OTHER static

inside 10.0.0.0 255.255.255.0 10.0.0.1 1 CONNECT static

inside 10.0.0.103 255.255.255.255 10.0.0.1 1 OTHER static

outside 1.1.1.1 255.255.255.248 1.1.1.2 1 CONNECT static

PIX Version 6.3(3)

interface ethernet0 auto

interface ethernet1 auto

nameif ethernet0 outside security0

nameif ethernet1 inside security100

names

access-list acl_out permit tcp any any eq 3389

access-list inside_outbound_nat0_acl permit ip any 10.0.0.192 255.255.255.224

access-list outside_cryptomap_dyn_20 permit ip any 10.0.0.192 255.255.255.224

ip address outside 1.1.1.1 255.255.255.248

ip address inside 10.0.0.1 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

ip local pool pool1 10.0.0.200-10.0.0.210

arp timeout 14400

global (outside) 1 interface

nat (inside) 0 access-list inside_outbound_nat0_acl

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

static (inside,outside) tcp interface 3389 10.0.0.103 3389 netmask 255.255.255.255 0 0

access-group acl_out in interface outside

route outside 0.0.0.0 0.0.0.0 1.1.1.2 1

route inside 10.0.0.103 255.255.255.255 10.0.0.1 1

timeout xlate 0:05:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

sysopt connection permit-ipsec

crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac

crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20

crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5

crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map

crypto map outside_map interface outside

isakmp enable outside

isakmp nat-traversal 20

isakmp policy 20 authentication pre-share

isakmp policy 20 encryption 3des

isakmp policy 20 hash md5

isakmp policy 20 group 2

isakmp policy 20 lifetime 86400

vpngroup paisleyvpn address-pool pool1

vpngroup paisleyvpn dns-server 208.39.158.2 64.56.37.246

vpngroup paisleyvpn idle-time 1800

vpngroup paisleyvpn password ********

telnet timeout 5

ssh timeout 5

console timeout 0

dhcpd address 10.0.0.104-10.0.0.150 inside

dhcpd dns 208.39.158.2 64.56.37.249

dhcpd lease 86400

dhcpd ping_timeout 750

dhcpd enable inside

1 Reply

Patrick Laidlaw
Level 4

Hello,

Try changing your access-lists as follows:

access-list inside_outbound_nat0_acl permit ip 10.0.0.0 255.255.255.0 10.0.0.192 255.255.255.224

access-list outside_cryptomap_dyn_20 permit ip 10.0.0.0 255.255.255.0 10.0.0.192 255.255.255.224

Patrick
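
Added example, not part of the original thread: a small Python check (function names are hypothetical) that reads a PIX 6.x style configuration and reports `nat 0` and crypto dynamic-map ACLs whose source is `any`, the entries the reply rewrites, and whether each `ip local pool` range falls inside the ACL destination. The sample is a constructed excerpt of the posted configuration, and only `permit ip` entries are parsed.

```python
import ipaddress

# Constructed excerpt of the configuration posted in the question.
SAMPLE_CONFIG = """\
access-list acl_out permit tcp any any eq 3389
access-list inside_outbound_nat0_acl permit ip any 10.0.0.192 255.255.255.224
access-list outside_cryptomap_dyn_20 permit ip any 10.0.0.192 255.255.255.224
ip address inside 10.0.0.1 255.255.255.0
ip local pool pool1 10.0.0.200-10.0.0.210
nat (inside) 0 access-list inside_outbound_nat0_acl
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
"""

def _take_net(tokens):
    """Consume 'any', 'host A' or 'A MASK' from tokens; return an IPv4Network."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{head}/{tokens.pop(0)}")

def audit(config):
    """Return findings for ACLs used by 'nat 0' or a crypto dynamic-map."""
    acls, vpn_acls, pools, inside = {}, set(), [], None
    for line in config.splitlines():
        t = line.split()
        if t[:1] == ["access-list"] and t[2:4] == ["permit", "ip"]:
            rest = t[4:]
            acls.setdefault(t[1], []).append((_take_net(rest), _take_net(rest)))
        elif t[:1] == ["nat"] and t[2:4] == ["0", "access-list"]:
            vpn_acls.add(t[4])
        elif t[:2] == ["crypto", "dynamic-map"] and t[4:6] == ["match", "address"]:
            vpn_acls.add(t[6])
        elif t[:3] == ["ip", "local", "pool"]:
            lo, _, hi = t[4].partition("-")
            pools.append((ipaddress.ip_address(lo), ipaddress.ip_address(hi or lo)))
        elif t[:3] == ["ip", "address", "inside"]:
            inside = ipaddress.ip_interface(f"{t[3]}/{t[4]}").network
    findings = []
    for name in sorted(vpn_acls):
        for src, dst in acls.get(name, []):
            if src.prefixlen == 0:  # the reply replaces 'any' with the inside network
                findings.append(f"{name}: source 'any' (reply uses {inside})")
            for lo, hi in pools:
                if lo not in dst or hi not in dst:
                    findings.append(f"{name}: pool {lo}-{hi} outside destination {dst}")
    return findings
```

Run against the posted configuration, `audit(SAMPLE_CONFIG)` reports both ACLs; with the two lines from the reply substituted it returns an empty list.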