Permitting VPN access through PIX to 2000 server

daniel.bowen · ‎11-21-2002

I have a company wanting to connect their Cisco VPN server to our Cisco VPN client. I have a Cisco PIX on our network running NAT and I cannot seem to get this app working.

I have put the following acl entry in

access-list acl_one permit ip any host 190.12.54.5

The following NAT entry in

static(dmz,outside) 190.12.54.5 10.10.7.7 netmask 255.255.255.255 0 0

The VPN software connects, but I cannot ping their machine or run anything over the VPN.

Any ideas would be great

Daniel,

kdurrett · ‎11-21-2002

Did you apply this access list to your outside interface? What address are your trying to ping and from where? Are you pinging from the client to the vpn gateways internat network? What type of device is the vpn gateway? Do you see any encrypts on your client? How about decrypts/encrypts on the vpn gateway?

"their Cisco VPN server to our Cisco VPN client" this dont work that way, you will have to connect your client to their server.

Kurtis Durrett

daniel.bowen · ‎11-21-2002

The acl is applied to the outside interface yes and set inbound.

I am trying to ping their internal network address (not routable)

I have no idea what gateway they have.

I tried this by connecting as modem to the client and dialiing freeserve and it worked this way.

thanks for your response !!

Daniel,

kdurrett · ‎11-21-2002

So when connecting through the LAN, do you get encrypts on your client? Can you find out if your getting decrypts/encrypts on there gateway? How about a clear xlate on your pix? Any other firewalls being traversed?

Kurtis Durrett