06-23-2005 06:41 AM - edited 02-21-2020 01:50 PM
I have a PIX 501 with a VPN in operation and all works OK using the VPN client software. I want to publish an Exchange-based webmail service as well and have used the access-list, access-group and static commands. The webmail works OK but now none of the VPN clients can connect (remote peer not responding). Removing the static command re-enables the VPN but obviously webmail disappears. I'd love a solution to this as I have a pain in the neck with this.
Thanks!
06-23-2005 09:36 AM
The clients are vpn'ing to the pix, or a device behind it? IPSec or PPTP vpn?
What does your access list on the outside interface look like? What do you have for sysopt commands enabled?
06-23-2005 11:00 PM
The clients are vpn'ing to the PIX over IPSEC. The VPN was set up using the wizard in the Cisco PDM.
Here are the various other commands.
sysopt connection permit-ipsec.
Static (inside,outside) Ext-IP Int-IP 0 0
Access-list 101 permit tcp any host Ext-IP eq www
Access-Group 101 in interface outside
I'm sure this is very simple. It seems such a reasonable request. The only thing I can think of here is that the static command is causing all traffic to be redirected to the internal IP - even VPN traffic.
Thanks!
06-30-2005 07:41 AM
Got it sorted.
Just used a static command with PAT specifying 80.
No access lists needed.
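The change described in this thread, written out as an added example (not configuration posted by any participant). It assumes Ext-IP is the address of the PIX outside interface, which is why the `interface` keyword is used, and 192.168.1.10 is a constructed stand-in for Int-IP. The access-list and access-group lines from the earlier post are left out here.

```cisco
: Constructed example. 192.168.1.10 is a placeholder for Int-IP.
: Assumption: Ext-IP is the PIX's own outside interface address.

: Before (form used in the thread): one-to-one static.
: Every inbound packet addressed to Ext-IP is translated to the
: mail server, so the VPN clients' IKE and IPSec traffic no longer
: terminates on the PIX itself.
:   static (inside,outside) Ext-IP Int-IP 0 0

: After: static with PAT (port redirection) for TCP port 80 only.
: Only web traffic is translated; everything else sent to the
: outside interface, including the VPN, is still handled by the PIX.
no static (inside,outside) Ext-IP Int-IP 0 0
clear xlate
static (inside,outside) tcp interface www 192.168.1.10 www netmask 255.255.255.255 0 0

: Unchanged from the thread: lets IPSec traffic bypass interface ACLs.
sysopt connection permit-ipsec
```

After the change, `show static` and `show xlate` should list only the port 80 translation for the outside address.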