I have a PIX 6.3 from which I am trying to establish a tunnel to a remote site.
I am getting the following error:
106011: Deny inbound (No xlate) tcp src inside:10.11.150.1/1673 dst inside:10.79.15.3/5202
A couple of questions about the config pieces below:
Shouldn't there be a NAT 0 statement for the global 0 statements?
Shouldn't the route outside prevent the traffic from trying to re-enter the inside interface?
access-list translation2 permit ip host 10.11.150.1 10.79.8.0 255.255.248.0
route outside 10.79.8.0 255.255.248.0 24.68.101.214 1
access-list die permit ip 10.91.6.0 255.255.255.240 10.79.8.0 255.255.248.0
global (outside) 1 interface
global (inside) 3 172.32.255.254
global (B) 1 192.168.201.254
global (C) 1 192.168.203.3
global (ftp) 1 10.1.40.249
nat (outside) 0 access-list nonatoutside outside
nat (outside) 3 access-list p outside 0 0
nat (inside) 0 access-list NO_NAT
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
nat (B) 1 192.168.201.0 255.255.255.0 0 0
static (inside,outside) 10.91.6.2 access-list translation2 0 0
route inside 172.16.250.4 255.255.255.255 10.1.73.254 1
route inside 172.16.254.0 255.255.255.0 10.1.73.254 1
route inside 192.168.102.0 255.255.255.0 10.1.73.254 1
route inside 192.168.207.0 255.255.255.0 10.1.73.254 1
route outside 10.79.8.0 255.255.248.0 206.113.198.65 1
crypto map p 30 ipsec-isakmp
crypto map p 30 match address die
crypto map p 30 set peer 12.34.56.78
crypto map p 30 set transform-set 3dessha
isakmp enable outside
isakmp enable inside