I have PIX515 with OS 7.0(4) in spoke connect (only one interface(inside) for inbound and outbound traffic). I connect with ciscoVPN client v4.0.3. Connections FROM vpnclient to other nets are OK. Then I want to permit connections from specified nets TO vpnclient (for example inbound ftp connect or simple ping vpnclient ip-address), but it's not work. I have access-list with "pemit ip any any" applied in interface inside. The same with traceroute from vpnclient (icmp ttl-exceeded denied on pix).
per default there is a personal firewall on the client, which prevents access to the client. You can disable it under "Options -> Stateful firewall (always on)".
What does the PIX log message say? If it mentions something like "no xlate" then you have a NAT problem. If it says something about "denied by ACL" then it's an access-list problem. If it's something else, hopefully it'll be enough to point in the right direction.
HTH
Dana
Getting Started
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:
