Hello, I'm a UNIX system admin and sometimes I have to put my hands on Cisco stuff. Usually I can do it by reading docs online, but this time I'm really desperate. I hope someone here can help me solve my problem... :-)
I'm using a PIX 515E with firmware 8.0.2.
SERVER FARM X.X.X.X
      |
      |  ADSL
      |
 192.168.69.30
      |
 OFFICE LAN (addresses 192.168.69.0/24)
      |
 PIX 515E (internal address 192.168.69.253, extern Y.Y.Y.Y)
      |
 INTERNET
So we have an ADSL link that connects our office LAN to a server farm (our LAN has addresses of this kind: 192.168.69.X), and we are connected to the Internet using a second ADSL link. What we need is to reach the servers in the server farm using the PIX VPN. I put a static route in the PIX configuration, but it's not working when I connect to the PIX using the VPN. And when I am in the LAN, I have to manually insert in my PC the static route that sends all traffic to X.X.X.X via 192.168.69.30. I don't understand what is wrong; could you please help me?
PIX Version 8.0(2)
!
hostname PIXNSC
domain-name xxxxxxxxx
enable password RKODEhJ1uwKzCJ1e encrypted
names
!
interface Ethernet0
 nameif outside
 security-level 0
 ip address Y.Y.Y.Y 255.255.255.248
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 192.168.69.253 255.255.255.0
!
interface Ethernet2
 shutdown
 no nameif
 no security-level
 no ip address
!
passwd ************** encrypted
ftp mode passive
dns server-group DefaultDNS
 domain-name nscsrl.it
access-list outside_access_in extended permit tcp any host Y.Y.Y.140 eq www
access-list outside_access_in extended permit tcp any host Y.Y.Y.140 eq pop3
access-list outside_access_in extended permit tcp any host Y.Y.Y.140 eq 5222
access-list outside_access_in extended permit tcp any host Y.Y.Y.140 eq 5223
access-list outside_access_in extended permit tcp any host Y.Y.Y.140 eq https
access-list outside_access_in extended permit tcp any host Y.Y.Y.140 eq smtp
access-list outside_access_in extended permit tcp any host Y.Y.Y.140 eq 995
access-list outside_access_in extended permit tcp any host Y.Y.Y.140 eq 465
access-list outside_access_in extended permit tcp host 85.18.117.122 host Y.Y.Y.139 eq ssh
access-list outside_access_in extended permit tcp host 85.18.117.122 host Y.Y.Y.139 eq 3306
access-list outside_access_in extended permit tcp host 85.18.117.122 host Y.Y.Y.139 eq 7129
access-list outside_access_in extended permit tcp any host Y.Y.Y.142 eq www
access-list outside_access_in extended permit tcp any host Y.Y.Y.142 eq 8554
access-list outside_access_in extended permit tcp any host Y.Y.Y.142 eq 6968
access-list outside_access_in extended permit tcp any host Y.Y.Y.142 eq 6969
access-list nonat extended permit ip 192.168.69.0 255.255.255.0 host 192.168.69.145
access-list nonat extended permit ip 192.168.69.0 255.255.255.0 host 192.168.69.146
access-list nonat extended permit ip 192.168.69.0 255.255.255.0 host 192.168.69.147
access-list nonat extended permit ip 192.168.69.0 255.255.255.0 host 192.168.69.148
access-list nonat extended permit ip 192.168.69.0 255.255.255.0 host 192.168.69.149
access-list nonat extended permit ip 192.168.69.0 255.255.255.0 host 192.168.69.150
pager lines 24
mtu outside 1500
mtu inside 1500
ip local pool vpnpool1 192.168.69.145-192.168.69.150 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) Y.Y.Y.140 192.168.69.41 netmask 255.255.255.255
static (inside,outside) Y.Y.Y.142 192.168.69.220 netmask 255.255.255.255
static (inside,outside) Y.Y.Y.139 192.168.69.42 netmask 255.255.255.255
static (inside,outside) Y.Y.Y.141 192.168.69.47 netmask 255.255.255.255
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 X.X.X.137 1
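The posted (truncated) config shows only a default route via the outside interface, so any packet from a VPN client towards the server farm that the PIX itself routes would match that default and leave towards the Internet rather than towards 192.168.69.30. This added example (not part of the post, and not Cisco code) models the PIX longest-prefix route lookup over the posted `route` lines and over a hypothetical `route inside` entry for the farm; the farm prefix 203.0.113.0/24 and gateway 198.51.100.137 are constructed stand-ins for the X.X.X.X / X.X.X.137 placeholders, and the candidate route is only one piece of the puzzle (it says nothing about the VPN split-tunnel ACL or the return path on the LAN router).

```python
import ipaddress

# Constructed stand-ins for the post's placeholders (documentation ranges, not real):
#   upstream gateway X.X.X.137 -> 198.51.100.137
#   server farm X.X.X.X        -> 203.0.113.0/24
POSTED_ROUTES = "route outside 0.0.0.0 0.0.0.0 198.51.100.137 1\n"

# Hypothetical entry pointing the farm prefix at the LAN router 192.168.69.30.
CANDIDATE_ROUTE = "route inside 203.0.113.0 255.255.255.0 192.168.69.30 1\n"


def parse_routes(config):
    """Parse PIX 'route <ifname> <network> <mask> <gateway> [metric]' lines."""
    routes = []
    for line in config.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] != "route":
            continue
        ifname, net, mask, gw = parts[1:5]
        metric = int(parts[5]) if len(parts) > 5 else 1
        network = ipaddress.ip_network(f"{net}/{mask}", strict=False)
        routes.append((network, ifname, gw, metric))
    return routes


def lookup(routes, dst):
    """Longest-prefix match (lowest metric on ties); returns (ifname, gateway) or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for network, ifname, gw, metric in routes:
        if dst in network:
            key = (network.prefixlen, -metric)   # longer prefix wins, then lower metric
            if best is None or key > best[0]:
                best = (key, ifname, gw)
    return None if best is None else (best[1], best[2])


if __name__ == "__main__":
    farm_host = "203.0.113.10"   # constructed address inside the farm prefix
    print("posted config :", lookup(parse_routes(POSTED_ROUTES), farm_host))
    print("with candidate:", lookup(parse_routes(POSTED_ROUTES + CANDIDATE_ROUTE), farm_host))
```

With only the posted default route the farm host resolves to `('outside', '198.51.100.137')`; with the candidate entry it resolves to `('inside', '192.168.69.30')` while Internet destinations still take the default.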