648 Views, 0 Helpful, 4 Replies

PIX VPN ping issue

nrousseau
Level 1

Hello,

I have a PIX 501 (6.3-4) on a LAN and am trying to use the Cisco VPN Client (4.0.2-D) on a remote PC.

I can open a VPN session.

I can't ping from the remote PC to the LAN.

I can ping from any station on the LAN to the remote PC.

After I've pinged from a station on the LAN to the remote PC, I can ping from the remote PC to the LAN.

I'm such a newbie; I've been trying for 2 days, modifying ACLs, with no luck.

I should say that I have a dynamic WAN IP both on the LAN side and on the remote PC.

Any idea about this problem?

Any help is welcome.

Here is my PIX configuration:

PIX Version 6.3(4)
interface ethernet0 10baset
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password ************** encrypted
passwd ************* encrypted
hostname pixfirewall
domain-name ciscopix.com
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup .../...
fixup protocol tftp 69
names
name 192.168.42.0 Dmi
access-list inside_access_in permit ip any any
access-list inside_outbound_nat0_acl permit ip any 192.168.229.0 255.255.255.0
access-list outside_cryptomap_dyn_20 permit ip Dmi 255.255.255.0 192.168.229.32 255.255.255.224
access-list outside_cryptomap_dyn_20 permit icmp any any
pager lines 24
logging on
logging trap informational
mtu outside 1500
mtu inside 1500
ip address outside 209.x.x.x.255.255.224
ip address inside 192.168.42.40 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool dmivpndhcp 192.168.229.1-192.168.229.254
pdm location 192.168.229.1 255.255.255.255 outside
pdm location 209.165.x.x.x.255.255 inside
pdm location 209.x.x.x.255.255.255 outside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 209.165.200.225 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http Dmi 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
tftp-server inside 192.168.42.100 /
floodguard enable
sysopt connection permit-ipsec
auth-prompt prompt pass
auth-prompt accept good
auth-prompt reject bad
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map dynmap 20 match address outside_cryptomap_dyn_20
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
isakmp enable outside
isakmp identity address
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup dmivpn address-pool dmivpndhcp
vpngroup dmivpn dns-server 192.168.42.20
vpngroup dmivpn wins-server 192.168.42.20
vpngroup dmivpn default-domain defi.local
vpngroup dmivpn idle-time 1800
vpngroup dmivpn password ********
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn username vpnuser password ********
vpdn enable outside
vpdn enable inside
dhcpd address 192.168.42.41-192.168.42.72 inside
dhcpd lease 3600
dhcpd ping_timeout 750
terminal width 80
Cryptochecksum:****************************

4 Replies

jmia
Level 7

Noelle,

Add this command (in config mode): isakmp nat-traversal

Let me know if this helps.

Jay
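The checks below are an added example, not a Cisco tool and not anything posted in this thread. They parse the VPN-relevant lines of a PIX 6.x configuration like the one in the question and flag the three things this thread turns on: a missing isakmp nat-traversal (the fix Jay gives), an address pool that no nat 0 access-list exempts from translation, and a crypto dynamic-map entry that is never bound to the applied crypto map (the posted config attaches its match address to 'dynmap' while only 'outside_dyn_map' is applied to outside_map). The sample config is a constructed excerpt of the posted one with the NAT-T line absent; the 6.3 minimum version is an assumption taken from Raj's reply further down, not from a release note.

```python
"""Lint the VPN-related lines of a PIX 6.x configuration (added example)."""
import ipaddress
import re
from typing import Dict, List, Tuple

# Constructed sample: the VPN-relevant lines of the config posted in the
# question, as it stood before Jay's fix (no 'isakmp nat-traversal' line).
SAMPLE_CONFIG = """\
PIX Version 6.3(4)
name 192.168.42.0 Dmi
access-list inside_outbound_nat0_acl permit ip any 192.168.229.0 255.255.255.0
access-list outside_cryptomap_dyn_20 permit ip Dmi 255.255.255.0 192.168.229.32 255.255.255.224
access-list outside_cryptomap_dyn_20 permit icmp any any
ip local pool dmivpndhcp 192.168.229.1-192.168.229.254
nat (inside) 0 access-list inside_outbound_nat0_acl
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map dynmap 20 match address outside_cryptomap_dyn_20
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
isakmp enable outside
vpngroup dmivpn address-pool dmivpndhcp
"""

# Assumption taken from Raj's reply: the command is not accepted before 6.3.
NAT_T_MIN_VERSION = (6, 3, 0)


def parse_version(cfg: str):
    """(major, minor, patch) from the 'PIX Version a.b(c)' line, or None."""
    m = re.search(r"^PIX Version (\d+)\.(\d+)\((\d+)\)", cfg, re.M)
    return tuple(int(x) for x in m.groups()) if m else None


def parse_names(cfg: str) -> Dict[str, str]:
    """'name <ip> <label>' entries, so ACLs written with labels can be resolved."""
    return {label: ip for ip, label in re.findall(r"^name (\S+) (\S+)", cfg, re.M)}


def parse_pools(cfg: str) -> Dict[str, Tuple[ipaddress.IPv4Address, ipaddress.IPv4Address]]:
    """'ip local pool <name> <first>-<last>' entries as (first, last) addresses."""
    return {
        name: (ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
        for name, first, last in re.findall(r"^ip local pool (\S+) (\S+)-(\S+)", cfg, re.M)
    }


def _take_net(tokens: List[str], names: Dict[str, str]) -> ipaddress.IPv4Network:
    """Consume one ACL address spec: 'any', 'host A', or 'A MASK' (A may be a name)."""
    tok = tokens.pop(0)
    if tok == "any":
        return ipaddress.IPv4Network("0.0.0.0/0")
    if tok == "host":
        host = tokens.pop(0)
        return ipaddress.IPv4Network(names.get(host, host) + "/32")
    mask = tokens.pop(0)
    return ipaddress.IPv4Network(f"{names.get(tok, tok)}/{mask}", strict=False)


def acl_destinations(cfg: str, acl: str, names: Dict[str, str]) -> List[ipaddress.IPv4Network]:
    """Destination networks of the 'permit ip' entries of one access-list."""
    nets = []
    for line in cfg.splitlines():
        tokens = line.split()
        if tokens[:4] != ["access-list", acl, "permit", "ip"]:
            continue
        rest = tokens[4:]
        _take_net(rest, names)               # source spec: consumed and ignored
        nets.append(_take_net(rest, names))  # destination spec
    return nets


def check_config(cfg: str) -> List[str]:
    """Return human-readable findings; an empty list means all three checks passed."""
    findings = []
    names = parse_names(cfg)

    # 1. NAT traversal: both ends in this thread sit behind dynamic, NATed WAN addresses.
    ver = parse_version(cfg)
    if ver is not None and ver < NAT_T_MIN_VERSION:
        findings.append(f"PIX {ver[0]}.{ver[1]}({ver[2]}) predates 'isakmp nat-traversal'; upgrade to 6.3 first")
    elif not re.search(r"^isakmp nat-traversal", cfg, re.M):
        findings.append("no 'isakmp nat-traversal': ESP is not UDP-encapsulated, so NAT devices in the path may drop or mis-map it")

    # 2. The client pool must be exempt from NAT, or inside hosts answer via the PAT address.
    nat0_acls = re.findall(r"^nat \(\S+\) 0 access-list (\S+)", cfg, re.M)
    exempt = [net for acl in nat0_acls for net in acl_destinations(cfg, acl, names)]
    for pool, (first, last) in parse_pools(cfg).items():
        if not any(first in net and last in net for net in exempt):
            findings.append(f"pool {pool} ({first}-{last}) is not fully covered by a 'nat 0 access-list'")

    # 3. Every dynamic-map name that carries settings must be bound to the applied crypto map.
    bound = set(re.findall(r"^crypto map \S+ \d+ ipsec-isakmp dynamic (\S+)", cfg, re.M))
    for dyn in sorted(set(re.findall(r"^crypto dynamic-map (\S+) \d+ ", cfg, re.M))):
        if dyn not in bound:
            findings.append(f"dynamic map '{dyn}' carries settings but is never bound to a crypto map")
    return findings


if __name__ == "__main__":
    for finding in check_config(SAMPLE_CONFIG):
        print("-", finding)
    print("after adding the fix:", check_config(SAMPLE_CONFIG + "isakmp nat-traversal\n"))
```

Run against the sample it reports the missing NAT-T line and the unbound 'dynmap' entry; appending the line Jay suggests clears the first finding, and an old version string turns the NAT-T finding into an upgrade finding instead, which is Raj's situation below.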

Yes! It works!!

Many thanks.

Jay, I am having the same problem, but my PIX won't accept the isakmp nat-traversal command; I just get the information for other isakmp commands. Any ideas?

Hello dianad,

You need to upgrade your PIX to the latest IOS. Try uploading it to 6.3(3) or 6.3(4); it isn't supported on the older IOS. Try it and let us know.

All the best,

Raj