I am able to VPN into my PIX from the Internet - I get an address from the local pool. But when I try to PING anything on the inside I get timeouts... I have tried different address pools - even one on the same subnet as the inside interface; also tried split tunnel on & off - all results are the same... Can anyone spot the problem & advise? TIA, Ned
***********
PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 ether2 security90
names
access-list 102 permit ip 172.29.0.0 255.255.0.0 192.168.2.0 255.255.255.0
access-list 102 permit ip 172.29.0.0 255.255.0.0 172.22.0.0 255.255.0.0
access-list 102 permit ip 172.29.0.0 255.255.0.0 172.30.0.0 255.255.0.0
access-list 102 permit ip 172.30.0.0 255.255.0.0 172.29.0.0 255.255.0.0
access-list 112 permit tcp any any eq www
access-list 112 permit icmp any any
access-list 112 permit tcp host 172.2.0.1 host 77.92.238.229 eq 3389
access-list 112 permit tcp host 172.22.0.1 host 77.92.238.229 eq 3389
access-list 112 permit ip any any
ip address outside 77.92.238.226 255.255.255.248
ip address inside 172.29.11.254 255.255.0.0
no ip address ether2
ip audit info action alarm
ip audit attack action alarm
ip local pool LAN1vpn 192.168.2.1-192.168.2.100
ip local pool mypool1 172.22.0.1-172.22.0.6
ip local pool mypool2 172.29.11.1-172.29.11.6
pdm history enable
arp timeout 14400
global (outside) 1 77.92.238.227
nat (inside) 0 access-list 102
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 77.92.238.229 172.29.11.250 netmask 255.255.255.255 0 0
access-group 112 in interface outside
route outside 0.0.0.0 0.0.0.0 77.92.152.1 1
route inside 172.30.0.0 255.255.0.0 172.29.11.253 1

no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set trns1 esp-3des esp-sha-hmac
crypto ipsec transform-set trmset1 esp-3des esp-sha-hmac
crypto dynamic-map map2 10 set transform-set trmset1
crypto map map1 10 ipsec-isakmp dynamic map2
crypto map map1 interface outside
isakmp enable outside
isakmp identity address
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

vpngroup user5 address-pool LAN1vpn
vpngroup user5 idle-time 600
vpngroup user5 password ********
vpngroup user6 address-pool mypool1
vpngroup user6 split-tunnel 102
vpngroup user6 idle-time 600
vpngroup user6 password ********
vpngroup user7 address-pool mypool2
vpngroup user7 split-tunnel 102
vpngroup user7 idle-time 600
vpngroup user7 password ********

console timeout 0
dhcpd address 172.29.50.1-172.29.50.200 inside
dhcpd dns 162.23.132.10 162.23.132.11
dhcpd lease 3000
dhcpd ping_timeout 1000
dhcpd enable inside
*******************
ixfirewall(config)#
32: ICMP echo-request from outside:172.29.11.1 to 172.29.11.254 ID=1280 seq=2304 length=40
33: ICMP echo-request from outside:172.29.11.1 to 172.29.11.254 ID=1280 seq=2560 length=40
34: ICMP echo-request from outside:172.29.11.1 to 172.29.11.254 ID=1280 seq=2816 length=40
***********************