Cisco Support Community
New Member

Permit access TO vpn client

Hello!

I have a PIX515 with OS 7.0(4) in spoke connect (only one interface (inside) for inbound and outbound traffic). I connect with Cisco VPN client v4.0.3. Connections FROM the VPN client to other nets are OK. Then I want to permit connections from specified nets TO the VPN client (for example an inbound FTP connection or a simple ping of the VPN client IP address), but it doesn't work. I have an access-list with "permit ip any any" applied on the inside interface. The same with traceroute from the VPN client (ICMP ttl-exceeded denied on the PIX).

How to permit this traffic?

thanks a lot!

3 REPLIES

Re: Permit access TO vpn client

Hello,

Per default there is a personal firewall on the client, which prevents access to the client. You can disable it under "Options -> Stateful firewall (always on)".

Hope this helps! Please rate all posts.

Regards, Martin

New Member

Re: Permit access TO vpn client

No, stateful failover is OFF

and traffic to the client is denied by the PIX (as I can see in the logs).

How to force the PIX to permit this traffic from specified nets and nodes to the client?

Thanks

Bronze

Re: Permit access TO vpn client

What does the PIX log message say? If it mentions something like "no xlate" then you have a NAT problem. If it says something about "denied by ACL" then it's an access-list problem. If it's something else, hopefully it'll be enough to point in the right direction.

HTH

Dana
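The triage described in the last reply, as an added example that is not part of the original thread: it sorts PIX deny messages for one VPN client address into NAT ("no xlate" / missing translation) and ACL ("by access-group") causes. The log lines are constructed samples modelled on PIX 7.x syslog messages 305005, 106011, 106023 and 302013; the addresses, the ACL name `inside_in` and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in PIX 7.x syslog style; addresses are documentation ranges.
SAMPLE_LOG = """\
%PIX-3-305005: No translation group found for icmp src inside:192.0.2.10 dst inside:198.51.100.25 (type 8, code 0)
%PIX-4-106023: Deny tcp src inside:192.0.2.10/40112 dst inside:198.51.100.25/21 by access-group "inside_in"
%PIX-3-106011: Deny inbound (No xlate) icmp src inside:192.0.2.1 dst inside:198.51.100.25 (type 11, code 0)
%PIX-6-302013: Built outbound TCP connection 1201 for inside:203.0.113.5/80 (203.0.113.5/80) to inside:198.51.100.25/1045 (198.51.100.25/1045)
"""

# Hints follow the reply's wording: missing translation -> NAT, access-group -> ACL.
NAT_HINTS = ("no xlate", "no translation group")
ACL_HINTS = ("by access-group", "denied by acl")

LINE_RE = re.compile(r"%PIX-(?P<sev>\d)-(?P<id>\d{6}): (?P<text>.*)")
DST_RE = re.compile(r"dst \S+?:(?P<ip>\d+\.\d+\.\d+\.\d+)")

def classify(line):
    """Return message id, probable cause and destination IP, or None if not a PIX message."""
    m = LINE_RE.search(line)
    if not m:
        return None
    text = m.group("text").lower()
    if any(h in text for h in NAT_HINTS):
        cause = "nat"
    elif any(h in text for h in ACL_HINTS):
        cause = "acl"
    elif "deny" in text:
        cause = "other-deny"   # needs a manual look at the message id
    else:
        cause = "not-a-deny"
    dst = DST_RE.search(m.group("text"))
    return {"id": m.group("id"), "cause": cause, "dst": dst.group("ip") if dst else None}

def summarize(log, client_ip):
    """Count deny causes for traffic destined to the VPN client address."""
    counts = Counter()
    for line in log.splitlines():
        rec = classify(line)
        if rec and rec["dst"] == client_ip and rec["cause"] != "not-a-deny":
            counts[rec["cause"]] += 1
    return dict(counts)

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG, "198.51.100.25"))
```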
