https://community.cisco.com/t5/network-security/problem-with-pix-500/m-p/1468253#M635146 <P>I have a pix 500 firewall box.</P><P></P><P>I have a system which is on DMZ and IP is 10.40.1.16, there is webserver running on this.</P><P></P><P>Whenever VPN users connect to VPN they are unable to access this system. But the moment they disconnect VPN they are able to connect because it is routed with a public IP. I want VPN users to access this system without disconnecting VPN ( I mean after they connect to VPN ). VPN IP is 10.255.1.0</P><P></P><P>I added an access list as given below</P><P></P><P></P><P class="MsoListParagraph"><SPAN>access-list bastion permit <STRONG>ip</STRONG> 10.255.1.0 255.0.0.0 host 10.40.1.16</SPAN></P><P></P><P><SPAN>access-list bastion permit <STRONG>ip</STRONG> 10.40.1.16 host 10.255.1.0</SPAN></P><P></P><P></P><P>But when add this list " access-list bastion permit <STRONG>ip</STRONG> 10.255.1.0 255.0.0.0 host 10.40.1.16 " I receive an error message </P><P></P><P></P><P class="MsoNormal"><SPAN>access-list nonat permit ip 10.255.1.0 255.255.0.0 10.40.1.16 255.255.0.0</SPAN></P><P class="MsoNormal"><SPAN>ERROR: Global address,mask &lt;10.255.1.0,255.255.0.0&gt; doesn't pair</SPAN></P><P class="MsoNormal"><SPAN>Type help or '?' for a list of available commands.</SPAN></P><P></P><P class="MsoNormal"></P><P class="MsoNormal">Can someone help me to rectify this problem?</P><P class="MsoNormal"></P><P class="MsoNormal">Regards</P><P class="MsoNormal">Tonio</P> Mon, 11 Mar 2019 17:56:42 GMT toniogeorge 2019-03-11T17:56:42Z https://community.cisco.com/t5/network-security/problem-with-pix-500/m-p/1468253#M635146 <P>I have a pix 500 firewall box.</P><P></P><P>I have a system which is on DMZ and IP is 10.40.1.16, there is webserver running on this.</P><P></P><P>Whenever VPN users connect to VPN they are unable to access this system. But the moment they disconnect VPN they are able to connect because it is routed with a public IP. I want VPN users to access this system without disconnecting VPN ( I mean after they connect to VPN ). VPN IP is 10.255.1.0</P><P></P><P>I added an access list as given below</P><P></P><P></P><P class="MsoListParagraph"><SPAN>access-list bastion permit <STRONG>ip</STRONG> 10.255.1.0 255.0.0.0 host 10.40.1.16</SPAN></P><P></P><P><SPAN>access-list bastion permit <STRONG>ip</STRONG> 10.40.1.16 host 10.255.1.0</SPAN></P><P></P><P></P><P>But when add this list " access-list bastion permit <STRONG>ip</STRONG> 10.255.1.0 255.0.0.0 host 10.40.1.16 " I receive an error message </P><P></P><P></P><P class="MsoNormal"><SPAN>access-list nonat permit ip 10.255.1.0 255.255.0.0 10.40.1.16 255.255.0.0</SPAN></P><P class="MsoNormal"><SPAN>ERROR: Global address,mask &lt;10.255.1.0,255.255.0.0&gt; doesn't pair</SPAN></P><P class="MsoNormal"><SPAN>Type help or '?' for a list of available commands.</SPAN></P><P></P><P class="MsoNormal"></P><P class="MsoNormal">Can someone help me to rectify this problem?</P><P class="MsoNormal"></P><P class="MsoNormal">Regards</P><P class="MsoNormal">Tonio</P> Mon, 11 Mar 2019 17:56:42 GMT https://community.cisco.com/t5/network-security/problem-with-pix-500/m-p/1468253#M635146 toniogeorge 2019-03-11T17:56:42Z https://community.cisco.com/t5/network-security/problem-with-pix-500/m-p/1468254#M635147 <HTML><HEAD></HEAD><BODY><P>It appears you are trying a wildcard mask instead of the regular mask.</P><P></P><P><SPAN>access-list bastion permit <STRONG>ip</STRONG> 10.255.1.0 255.255.255.0 host 10.40.1.16</SPAN></P><P></P><P>Try the above.</P><P></P><P>-KS</P></BODY></HTML> Wed, 09 Jun 2010 11:22:11 GMT https://community.cisco.com/t5/network-security/problem-with-pix-500/m-p/1468254#M635147 Kureli Sankar 2010-06-09T11:22:11Z