01-24-2006 08:00 AM
Hello!
I have a PIX515 with OS 7.0(4) in spoke connect (only one interface (inside) for inbound and outbound traffic). I connect with Cisco VPN Client v4.0.3. Connections FROM the VPN client to other nets are OK. I then want to permit connections from specified nets TO the VPN client (for example an inbound FTP connection or a simple ping of the VPN client IP address), but it does not work. I have an access-list with "permit ip any any" applied on the inside interface. The same happens with traceroute from the VPN client (ICMP ttl-exceeded denied on the PIX).
How do I permit this traffic?
Thanks a lot!
01-27-2006 07:35 PM
Hello,
By default there is a personal firewall on the client, which prevents access to the client. You can disable it under "Options -> Stateful firewall (always on)".
Hope this helps! Please rate all posts.
Regards, Martin
01-30-2006 12:14 AM
No, stateful failover is OFF
and traffic to the client is denied by the PIX (as I can see in the logs).
How do I force the PIX to permit this traffic from specified nets and nodes to the client?
Thanks
02-03-2006 01:13 PM
What does the PIX log message say? If it mentions something like "no xlate" then you have a NAT problem. If it says something about "denied by ACL" then it's an access-list problem. If it's something else, hopefully it'll be enough to point in the right direction.
HTH
Dana