
Permit access TO vpn client

aliver
Level 1

Hello!

I have a PIX515 with OS 7.0(4) in a spoke connection (only one interface (inside) for inbound and outbound traffic). I connect with Cisco VPN client v4.0.3. Connections FROM the VPN client to other nets are OK. Now I want to permit connections from specified nets TO the VPN client (for example an inbound FTP connection or a simple ping of the VPN client IP address), but it does not work. I have an access-list with "permit ip any any" applied on interface inside. The same goes for traceroute from the VPN client (icmp ttl-exceeded is denied on the PIX).

How can I permit this traffic?

Thanks a lot!

3 Replies

mheusinger
Level 10

Hello,

By default there is a personal firewall on the client, which prevents access to the client. You can disable it under "Options -> Stateful firewall (always on)".

Hope this helps! Please rate all posts.

Regards, Martin

No, stateful failover is OFF

and traffic to the client is denied by the PIX (as I can see in the logs).

How can I force the PIX to permit this traffic from specified nets and nodes to the client?

Thanks

What does the PIX log message say? If it mentions something like "no xlate" then you have a NAT problem. If it says something about "denied by ACL" then it's an access-list problem. If it's something else, hopefully it'll be enough to point in the right direction.

HTH

Dana