Network Access Behind VPN PIX

- I'm using a PIX 525 and the Cisco VPN Client on XP. I am successfully able to establish the connection. A remote user through modem / ISP is able to connect to my PIX firewall after authentication from the AAA server. On successful connection, an IP address is allotted to the remote client from the pool, but the client is not able to ping the internal network.

Internal network: 172.16.1.0/24
Pool network: 172.16.2.0/24

Which access list should I apply so that the remote client (pool) can access the internal network (domain server, mail server), and what other services can I use?

Hemat Maheshwari

By default PIX blocks from a higher security to lower security interface. With Access VPN, even though you have successfully connected and gotten an address, you still have to have an ACL to permit traffic to Inside. Try an Any-Any ACL with a Source address of 172.16.2.0/24. Apply it from Outside to Inside. It is easiest to do this with the PDM GUI tool on the PIX.

Steve Griffin

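The ACL suggested in the answer above, written out in PIX 6.x CLI form as an added example (not part of the original posts), with a narrower variant that permits only the services the question names. The ACL name `vpn_in` and the server addresses 172.16.1.10 (domain server) and 172.16.1.25 (mail server) are assumptions; the two networks are the ones given in the question.

```cisco
: --- Broad form: any IP protocol from the VPN pool to the internal network ---
access-list vpn_in permit ip 172.16.2.0 255.255.255.0 172.16.1.0 255.255.255.0

: --- Narrower form: use these lines instead of the one above to expose
: --- only ping, DNS and mail to VPN clients (server addresses are assumed)
access-list vpn_in permit icmp 172.16.2.0 255.255.255.0 172.16.1.0 255.255.255.0 echo
access-list vpn_in permit udp 172.16.2.0 255.255.255.0 host 172.16.1.10 eq domain
access-list vpn_in permit tcp 172.16.2.0 255.255.255.0 host 172.16.1.10 eq domain
access-list vpn_in permit tcp 172.16.2.0 255.255.255.0 host 172.16.1.25 eq smtp
access-list vpn_in permit tcp 172.16.2.0 255.255.255.0 host 172.16.1.25 eq pop3

: --- Bind the ACL to traffic arriving on the outside interface ---
access-group vpn_in in interface outside

: --- Verify: hit counters show which entries VPN traffic is matching ---
show access-list vpn_in
```

If `sysopt connection permit-ipsec` is present in the configuration, decrypted IPsec traffic bypasses interface ACLs, so the entries above only filter VPN clients when that command is absent.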
