10-23-2008 04:42 PM - edited 03-11-2019 07:02 AM
Remote PIX needs to access my local network. I am not quite sure of the ACL needed. Below is the e-mail received from the remote tech. Also, my PIX config is attached.
I'm attempting to ping your NAT'd IP address and this is unreachable on our end. Please be sure that your security device allows traffic initiated from e-MDs as well.
10-23-2008 04:56 PM
Casey
Your VPN is set up so that any client in the 192.168.0.0/24 network will be NATed to 172.24.176.9 when they try to connect to either 192.168.50.83 or 192.168.50.86.
But for them to be able to initiate a connection to you, you need to statically map an IP address. So what remote IP are they trying to ping? If they are trying to ping 172.24.176.9 and the tunnel is not up, then your firewall has no way of knowing which 192.168.0.x address the 172.24.176.9 address is meant to NAT to.
Hopefully this makes sense. What IP address are they trying to get to, i.e. what internal server do they want to access, 192.168.0.??
Jon
10-24-2008 03:18 AM
The internal server they want to access is 192.168.0.9.
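Jon's explanation above, worked through with the server address from this reply, as a simplified Python model added here (it is not PIX code and not from the thread): a dynamic translation only exists after an inside host has sent traffic, while a static mapping lets the remote side initiate. The class and method names, the port counter and the inside host 192.168.0.25 are assumptions made for the illustration.

```python
import ipaddress

INSIDE_NET = ipaddress.ip_network("192.168.0.0/24")   # from the thread
NAT_IP = "172.24.176.9"                                # from the thread
REMOTE_HOSTS = {"192.168.50.83", "192.168.50.86"}      # from the thread


class PolicyNat:
    """Toy translation table; models the behaviour, not the PIX implementation."""

    def __init__(self, static_map=None):
        # static_map: {mapped_ip: real_ip}, a permanent one-to-one entry
        self.static_map = dict(static_map or {})
        # dynamic entries: {(mapped_ip, mapped_port): (real_ip, real_port)}
        self.xlate = {}
        self._next_port = 1024  # assumed starting port for dynamic entries

    def outbound(self, src_ip, src_port, dst_ip):
        """Inside host initiates; returns the (ip, port) the remote side sees."""
        if ipaddress.ip_address(src_ip) not in INSIDE_NET or dst_ip not in REMOTE_HOSTS:
            return None  # does not match the policy NAT rule
        for mapped, real in self.static_map.items():
            if real == src_ip:
                return (mapped, src_port)  # static: address swapped, port kept
        key = (NAT_IP, self._next_port)
        self._next_port += 1
        self.xlate[key] = (src_ip, src_port)  # created only by this outbound packet
        return key

    def inbound(self, src_ip, dst_ip, dst_port):
        """Remote host replies or initiates; returns inside (ip, port) or None."""
        if src_ip not in REMOTE_HOSTS:
            return None
        reply = self.xlate.get((dst_ip, dst_port))
        if reply is not None:
            return reply  # reply to a connection an inside host started
        if dst_ip in self.static_map:
            return (self.static_map[dst_ip], dst_port)  # remote-initiated, static
        return None  # no entry: nothing says which 192.168.0.x host is meant


if __name__ == "__main__":
    dynamic_only = PolicyNat()
    print(dynamic_only.inbound("192.168.50.83", NAT_IP, 80))   # unreachable
    with_static = PolicyNat({NAT_IP: "192.168.0.9"})
    print(with_static.inbound("192.168.50.83", NAT_IP, 80))    # reaches the server
```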