Can connect to PIX 501 with VPN client and ping internal addresses but some issues

Scenario: Internet---x.x.x.x---ADSL-- ( I have to use the ADSL with NAT (and not bridge) as provider does not

support PPPoE only PPPoA I can connect with Cisco VPN client 4.0.3(C) I can ping/telnet to any address on network What I can't do is map a drive to any of the other XP hosts on the 10.

0.0.0 network I also get the following occurring within the log "No route to 10.1.2. 255 from" Main parts of the config are posted below. Questions:
  1. Why the error "No route to from" ?
  2. Although I can remote desktop, I tried to mount a network drive to another XP box which failed. Log shows: UDP request discarded from to inside: So is there something we need to do to get all traffic to access anything on (and vice versa)
  3. Are the following required in order to get to the network once connected via VPN using pool ? (tried lots to get things to work and not sure if this is required or not, but main functionality is finally working and posting this via vpn) access-list outside_crypto permit ip any crypto dynamic-map dynmap 10 match address outside_crypto
  4. Any glaring problems/things that should be changed/removed?
  5. Above is the main requirement. I also have an issue getting "no translation group found" when trying to connect via Putty to 10.0.0.
35 (Dune) using SSH tunnel on port 443. ADSL modem has NAT/PAT set to forward to (Dune) incoming 443 outgoing 443 tried various options and currently: access-list outside_access_in permit ip any host Dune static (inside,outside) tcp interface https Dune https netmask 255. 255.255.255 0 0 What do I need to do for this to work/remove the "no translation group found" issue? (I don't have immediate access now, so may post a seperate query on this if there's no "simple" answer.

Thanks, Mark PIX Version 6.3(5) interface ethernet0 auto interface ethernet1 100full nameif ethernet0 outside security0 nameif ethernet1 inside security100 domain-name fixup protocol dns maximum-length 512 fixup protocol ftp 21 fixup protocol h323 h225 1720 fixup protocol h323 ras 1718-1719 fixup protocol http 80 fixup protocol pptp 1723 fixup protocol rsh 514 fixup protocol rtsp 554 fixup protocol sip 5060 fixup protocol sip udp 5060 fixup protocol skinny 2000 fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol tftp 69 names name Dune access-list outside_access_in permit ip interface inside log access-list outside_access_in permit ip any host Dune access-list outside_access_in permit tcp any interface outside eq https access-list 101 permit ip 255.255.255.

0 access-list outside_crypto permit ip any icmp permit any inside mtu outside 1500 mtu inside 1500 ip address outside ip address inside ip local pool ippool mask pdm location Dune inside pdm location inside pdm location outside pdm location outside pdm history enable arp timeout 14400 global (outside) 1 interface nat (inside) 0 access-list 101 nat (inside) 1 0 0 static (inside,outside) tcp interface https Dune https netmask 255. 255.255.255 0 0 access-group outside_access_in in interface outside rip inside default version 2 route outside 1 management-access insidetelnet insidehttp 10.1. 2.0 inside floodguard enable sysopt connection permit-ipsec crypto ipsec transform-set myset esp-des esp-md5-hmac crypto dynamic-map dynmap 10 match address outside_crypto crypto dynamic-map dynmap 10 set transform-set myset crypto map mymap 10 ipsec-isakmp dynamic dynmap crypto map mymap interface outside isakmp enable outside isakmp identity address isakmp nat-traversal 20 isakmp policy 10 authentication pre-share isakmp policy 10 encryption des isakmp policy 10 hash md5 isakmp policy 10 group 2 isakmp policy 10 lifetime 86400 vpngroup vpn3000 address-pool ippool vpngroup vpn3000 dns-server vpngroup vpn3000 wins-server vpngroup vpn3000 default-domain vpngroup vpn3000 idle-time 1800 vpngroup vpn3000 password ******** telnet inside telnet timeout 60 ssh timeout 5 console timeout 0 dhcpd address inside dhcpd dns dhcpd lease 3600 dhcpd ping_timeout 750 dhcpd auto_config outside dhcpd enable inside
Reply to
Loading thread data ... Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.