I am trying to get clients running Cisco VPN software to connect to my internal network. Currently the clients can connect and authenticate OK, but can't see anything on the inside network.
PIX Version 6.3(1)
interface ethernet0 100full
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password Gn7cdoayw6QM/xoG encrypted
passwd Gn7cdoayw6QM/xoG encrypted
hostname PIX515e
domain-name rockeagle
clock timezone EST -5
clock summer-time EDT recurring
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
name 168.24.225.12 Relabserver
name 168.24.225.19 Steve
name 168.24.225.21 Tina
name 168.24.225.20 Tandberg
name 168.24.224.0 Rockeagle
name 168.24.225.11 Userfiles
name 168.24.225.18 Cory
access-list outside_access_in remark FTP access to Userfiles
access-list outside_access_in permit tcp any host Userfiles eq ftp
access-list outside_access_in remark Full TCP access to Tandberg
access-list outside_access_in permit tcp any host Tandberg
access-list outside_access_in remark Full TCP access to Tandberg for h323
access-list outside_access_in permit tcp any host Tandberg eq h323
access-list outside_access_in remark Full UDP access to Tandberg
access-list outside_access_in remark
access-list outside_access_in permit udp any host Tandberg
access-list outside_access_in remark Full http access to Userfiles
access-list outside_access_in permit tcp any host Userfiles eq www
access-list outside_access_in remark Full ftp access to Relabserver
access-list outside_access_in permit tcp any host Relabserver eq ftp
access-list outside_access_in remark WWW access to Relabserver
access-list outside_access_in remark
access-list outside_access_in permit tcp any host Relabserver eq www
access-list outside_access_in remark Allow tcp traffic to Tandberg for range 5555 to 5599
access-list outside_access_in remark
access-list outside_access_in permit tcp any host Tandberg range 5555 5599
access-list outside_access_in remark Allow tcp traffic to Tandberg for range 3230 to 3235
access-list outside_access_in remark
access-list outside_access_in permit tcp any host Tandberg range 3230 3235
access-list outside_access_in remark Allow udp traffic to Tandberg for range 2325 to 2387
access-list outside_access_in remark
access-list outside_access_in permit udp any host Tandberg range 2325 2387
access-list outside_access_in remark Allow udp traffic to Tandberg for range 3220 to 3247
access-list outside_access_in remark
access-list outside_access_in permit udp any host Tandberg range 3220 3247
access-list outside_access_in remark FTP access to Tina
access-list outside_access_in permit tcp any host Tina eq ftp
access-list outside_access_in remark PPTP for VPN to RELABSERVER
access-list outside_access_in permit tcp any host Relabserver eq pptp
access-list outside_access_in remark GRE for VPN on RELABSERVER
access-list outside_access_in permit tcp any host Relabserver eq 47
access-list outside_access_in remark PCAnywhere access to Userfiles
access-list outside_access_in permit tcp any host Userfiles eq pcanywhere-data
access-list outside_access_in permit esp any any
access-list outside_access_in permit gre any any
access-list outside_access_in permit tcp any eq pptp host Relabserver
access-list inside_outbound_nat0_acl permit ip any 168.24.224.240 255.255.255.240
access-list outside_cryptomap_dyn_20 permit ip any 168.24.224.240 255.255.255.240
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 168.24.192.141 255.255.255.248
ip address inside 168.24.224.1 255.255.254.0
ip audit info action alarm
ip audit attack action alarm
ip local pool VPN Cory
ip local pool Steve Steve
ip local pool VPNAdd 168.24.224.245-168.24.224.249
failover
failover timeout 0:00:00
failover poll 15
failover ip address outside 168.24.192.142
failover ip address inside 168.24.224.2
pdm location Rockeagle 255.255.254.0 inside
pdm location Userfiles 255.255.255.255 inside
pdm location Relabserver 255.255.255.255 inside
pdm location Cory 255.255.255.255 inside
pdm location Steve 255.255.255.255 inside
pdm location Tina 255.255.255.255 inside
pdm location 168.24.225.0 255.255.255.0 inside
pdm location Tandberg 255.255.255.255 inside
pdm location 192.168.1.1 255.255.255.255 inside
pdm location 192.168.1.0 255.255.255.0 inside
pdm location 72.152.146.187 255.255.255.255 outside
pdm location 128.192.83.0 255.255.255.0 outside
pdm location 168.24.224.240 255.255.255.240 outside
pdm logging informational 100
pdm history enable
arp timeout 14400
nat (inside) 0 access-list inside_outbound_nat0_acl
static (inside,outside) Relabserver Relabserver netmask 255.255.255.255 0 0
static (inside,outside) Rockeagle Rockeagle netmask 255.255.254.0 0 0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 168.24.192.137 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
ntp server 132.163.4.101 source outside
http server enable
http 72.152.146.187 255.255.255.255 outside
http 128.192.83.0 255.255.255.0 outside
http Rockeagle 255.255.254.0 inside
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community rockeagle
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
sysopt connection permit-pptp
sysopt connection permit-l2tp
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map inside_dyn_map 20 set transform-set ESP-3DES-MD5
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
isakmp enable outside
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup state address-pool VPNAdd
vpngroup state dns-server Userfiles 128.192.110.221
vpngroup state wins-server Userfiles 128.192.1.31
vpngroup state default-domain rockeagle
vpngroup state idle-time 1800
vpngroup state password ********
telnet 72.152.146.186 255.255.255.255 outside
telnet Rockeagle 255.255.254.0 inside
telnet timeout 5
ssh 72.152.146.186 255.255.255.255 outside
ssh timeout 5
management-access inside
console timeout 0
vpdn username a password *********
vpdn username b password *********
vpdn enable outside
dhcprelay server Userfiles inside
dhcprelay enable outside
terminal width 80
Cryptochecksum:1e38b95a71ebb4117009e37fdb1495e8
: end