How to give access a complete subnet

Amardeep Kumar · ‎03-24-2011

HI

I want to give access to remote subnet on firewall 5505. Can you please help me how to do it...

Remote subnet is 16x.15X.56.0

Here is my access list

access-list outside_5_cryptomap extended permit ip 192.168.12.0 255.255.254.0 16x.15X.56.0 255.255.254.0

Thanks

Amardeep K

PAUL GILBERT ARIAS · ‎03-24-2011

you need to provide more details. This is VPN traffic? Your ACL seems fine but should should also look at the ACL for NAT.

Amardeep Kumar · ‎03-24-2011

yes , this is vpn traffic, remote user is gettign ipsec traffic on his end but nothing is happening on my end..

Thanks

Amardeep K

PAUL GILBERT ARIAS · ‎03-24-2011

did you created the ACL for NAT Exempt? It should be a similar line as the one for interesting traffic.

Amardeep Kumar · ‎03-24-2011

HI

Here is that acl you are talking about .

access-list 101 extended permit ip 192.168.12.0 255.255.254.0 16x.15x.56.0 255.255.254.0

Thanks

Amardeep Rana

PAUL GILBERT ARIAS · ‎03-24-2011

is that ACL applied to a NAT (inside) 0 ?

Can you add the config? Based on the two lines your VPN should work. Your VPN works for other subnets?

Amardeep Kumar · ‎03-24-2011

HI

Here is that

global (outside) 1 interface
nat (inside) 0 access-list 101

Thanks

Amardeep K

PAUL GILBERT ARIAS · ‎03-24-2011

with the information provided it should work. The other end should have a mirror of your ACLs