Been struggling with this for over a week now, using some of the forum posts and docs to resolve - getting close...so any help is much appreciated.
I'm using a PIX 501 to provide vpn access to my internal network. I've gotten the configuration to the point where I can connect to the VPN from the Internet but once I do so I cannot rdp, map a drive, etc. to any servers. I can ping the outside interface of the pix when connected via VPN, but that's it.
The configuration is:
Internet --> dlink dir-625 (forwarding to pix, inside ip is 10.1.1.1) --> pix (outside is 10.1.1.150, inside is 192.168.1.1)
When I have a device plugged into the pix directly it gets a 192.168.1.x address and can access everything on 10.1.1.x fine. I don't see anything that idicates errors in the pdm log or in the ipsec logging that I enabled - I used to get "no route from x to y" but I don't see them anymore with the current config which is attached. Thanks for any tips!
access-list 101 permit ip any 192.168.2.0 255.255.255.0
This is the nat statement:
nat (inside) 0 access-list 101
I've checked the command reference and don't see where the acl 101 should be directly referenced in a crypto statement. And the vpngroup statements only reference the acl for the split tunnel line (I've changed that to reference acl 101 - it was 102 in what I posted). Sorry to be so dense but it seems like these statements are in there...Thanks.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :