Cannot Ping inside network

cempuerto · ‎11-08-2008

Hi,

I need help with a PIX 501 configuration. Problem is i cannot ping inside network using client VPN.Client VPN version that i am using is 5.0. Attached file is my configuration.Thanks in advance.

Regards,

Christian

acomiskey · ‎11-10-2008

no access-list test permit ip 10.1.1.0 255.255.255.0 192.168.11.0 255.255.255.0

isakmp nat-traversal

ajagadee · ‎11-10-2008

Hi Adam,

Just curious why the above access-list needs to be removed? Is it not the NAT 0 ACL for the L2L Traffic.

crypto map transam 1 ipsec-isakmp

crypto map transam 1 match address 101

crypto map transam 1 set peer x.x.x.x

access-list 101 permit ip 10.1.1.0 255.255.255.0 192.168.11.0 255.255.255.0

Regards,

Arul

acomiskey · ‎11-10-2008

Oops, my mistake, I stand corrected.

ajagadee · ‎11-10-2008

Hi Chris,

After you add this command "isakmp nat-traversal" as per Adam's suggestion and still have issues with connectivity from the VPN Client to the Pix Firewall, can you post the outputs of

Show cry is sa

Show cry ips sa

along with the Destination IP Address that you are trying to access.

Thanks,

Arul

*Pls rate if it helps*

cempuerto · ‎11-10-2008

Thanks so much for your time. I have solve the problem. I added several commands.

name 10.1.2.0 client

access-list 101 permit ip 10.1.1.0 255.255.255.0 192.168.11.0 255.255.255.0

access-list NoNAT permit ip 10.1.1.0 255.255.255.0 192.168.11.0 255.255.255.0

access-list NoNAT permit ip 10.1.1.0 255.255.255.0 client 255.255.255.0

access-list in_outside permit icmp any any

access-list outside_cryptomap_dyn_20 permit ip any client 255.255.255.0

crypto ipsec transform-set CSB esp-des esp-md5-hmac

crypto ipsec transform-set myset esp-des esp-md5-hmac

crypto dynamic-map dynmap 10 match address outside_cryptomap_dyn_20

crypto dynamic-map dynmap 10 set transform-set myset

crypto map mymap 10 ipsec-isakmp dynamic dynmap

crypto map mymap interface outside