05-09-2002 02:43 PM - edited 03-08-2019 10:35 PM
PIX 501---
I have hosts (6 of them) right off the inside interface. I have one host that has an IP of 192.168.30.10, and I want this host to be able to reach the outside, i.e. the internet.
I also have clients on the outside who access 192.168.30.10 via Cisco VPN client 3000. This works fine. The outside can access the hosts inside fine via VPN Cisco client 3000.
Now, from the inside host (192.168.30.10) I cannot access the internet. How do I do this? I have tried everything: the nat (inside) 1 0.0.0.0 0.0.0.0 and the global cmd, but the inside host still cannot get outside.
When I do a debug packet outside, it looks as if the packets are encrypted.
Anybody know how to make this work?
-jeff
05-10-2002 12:26 AM
It is difficult to say without at least seeing part of your config. Could you paste the relevant bit so that we can analyze it, i.e. the global cmd used, any outbound filter used, default routes, etc.? Otherwise we'll be suggesting things that you might have already done. It will save you time.
05-29-2002 09:36 PM
You have an ACL associated with the IPSEC tunnel, like below:
access-list IPSec34 deny ip host 192.168.30.10 any
access-list IPSec34 permit ip any {to Cisco VPN 3000 address}
crypto map mymap 34 ipsec-isakmp
crypto map mymap 34 match address IPSec34
crypto map mymap 34 set peer {Cisco VPN 3000 address}
crypto map mymap 34 set transform-set myTransform
As you see we exclude traffic from your host from being pulled into the tunnel.
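An added example, not part of the original posts: a small Python model of how the ordered crypto ACL in the reply above decides whether a packet is pulled into the tunnel. The peer address 203.0.113.10, the test destinations, and the broad `permit ip any any` ACL are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress

def parse_addr(tokens):
    """Consume one PIX-style address spec: 'any', 'host A', or 'A MASK'."""
    if tokens[0].lower() == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0].lower() == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]

def parse_acl(text):
    """Parse 'access-list NAME permit|deny ip SRC DST' lines, keeping their order."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0].lower() != "access-list" or tok[3].lower() != "ip":
            raise ValueError(f"unsupported line: {line!r}")
        action = tok[2].lower()
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action in: {line!r}")
        src, rest = parse_addr(tok[4:])
        dst, _ = parse_addr(rest)
        rules.append((action, src, dst))
    return rules

def is_tunneled(rules, src, dst):
    """First matching line wins. In a crypto ACL 'deny' means 'do not encrypt',
    not 'drop'; a packet matching no line is also left out of the tunnel."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action == "permit"
    return False

# Constructed: the reply's ACL with 203.0.113.10 standing in for the peer address.
REPLY_ACL = """
access-list IPSec34 deny ip host 192.168.30.10 any
access-list IPSec34 permit ip any host 203.0.113.10
"""
# Constructed: a hypothetical over-broad crypto ACL with no exclusion for the host.
BROAD_ACL = "access-list IPSec34 permit ip any any"

if __name__ == "__main__":
    for name, acl in (("reply", REPLY_ACL), ("broad", BROAD_ACL)):
        rules = parse_acl(acl)
        for src, dst in (("192.168.30.10", "198.51.100.7"), ("192.168.30.11", "203.0.113.10")):
            print(name, src, "->", dst, "tunneled" if is_tunneled(rules, src, dst) else "clear")
```

With the broad ACL, internet-bound packets from 192.168.30.10 match the permit line and are encrypted, which is the symptom described in the first post; with the deny line first they leave in the clear.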