01-02-2007 06:58 AM - edited 03-11-2019 02:14 AM
I am trying to configure my PIX 515 to route internet traffic to the DSL (ethernet0) and establish a VPN with corporate through a T1 (ethernet2). Internet works fine but the VPN tunnel will not establish. Here is a bit of my config:
global (outside) 1 interface
global (intranet) 2 interface
nat (inside) 0 access-list no_nat
nat (inside) 1 x.x.x.x 255.255.0.0 0 0
nat (intranet) 1 access-list no_nat
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
access-group intranet_access_in in interface intranet
route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
route intranet x.x.x.x 255.0.0.0 x.x.x.x 1
route intranet x.x.x.x 255.255.0.0 x.x.x.x 1
I am completely lost (brain freeze on this). What am I doing wrong? Thanks for any input.
01-02-2007 07:22 AM
I am not sure that there is enough here for us to find the problem. For example, your nat statements refer to inside but you do not show how the inside is configured. Your nat (intranet) references access list no_nat but you do not show us the access list. You also do not show anything about how the VPN is configured.
If you give us enough of the config (changing sensitive details) perhaps we can help you find the problem.
HTH
Rick
01-02-2007 07:50 AM
Here are my acls:
access-list outside_access_in permit tcp x.x.x.x 255.255.255.0 x.x.x.x 255.255.0.0 log
access-list outside_access_in remark -- vpn rules
access-list outside_access_in permit tcp x.x.x.x 255.255.255.0 x.x.x.x 255.255.0.0 eq xx log
access-list outside_access_in permit tcp x.x.x.x 255.255.255.0 x.x.x.x 255.255.0.0 eq xx log
access-list ipsec_from_ftw permit ip x.x.x.x 255.255.0.0 x.x.x.x 255.255.0.0 log
access-list ipsec_from_ftw permit ip x.x.x.x 255.255.0.0 x.x.x.x 255.255.0.0 log
access-list no_nat permit ip x.x.x.x 255.0.0.0 x.x.x.x 255.0.0.0
access-list inside_access_in permit tcp x.x.x.x 255.255.0.0 any
access-list inside_access_in permit udp any any
access-list inside_access_in permit tcp any any
access-list intranet_access_in permit tcp x.x.x.x 255.255.255.0 x.x.x.x 255.255.0.0 log
access-list intranet_access_in remark -- vpn rules
access-list intranet_access_in permit tcp x.x.x.x 255.255.255.0 x.x.x.x 255.255.0.0 eq xx log
access-list intranet_access_in permit tcp x.x.x.x 255.255.255.0 x.x.x.x 255.255.0.0 eq xx log
Do you need to see my cryptomaps? What part of the config do you need to see how the inside is configured? Thanks!!