My VPN is working OK and I can connect to the VPN (user3) from outside. I get IP address
172.30.0.1 / 16 but I cannot PING a PC on the "applan" with address 172.30.1.199 / 23. Is there something wrong with my access-lists?

TIA, Ned

VPNFW# show run
: Saved
:
PIX Version 6.3(4)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 applan security10
hostname VPNFW
domain-name mineown.com
names
name 172.30.1.199 T21
access-list 102 permit tcp any any eq www
access-list 102 permit icmp any any
access-list 102 permit icmp any any echo-reply
access-list 102 permit ip any any
access-list 101 permit ip 10.0.0.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list 101 permit ip 10.0.0.0 255.255.255.0 172.30.0.0 255.255.0.0
access-list 101 permit ip 172.30.0.0 255.255.0.0 10.0.0.0 255.255.255.0
access-list 101 permit ip 10.1.1.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list 101 permit ip 172.30.0.0 255.255.0.0 172.30.0.0 255.255.0.0
access-list 101 permit ip 10.1.1.0 255.255.255.0 172.30.0.0 255.255.0.0
pager lines 24
mtu intf5 1500
ip address outside 123.123.123.2 255.255.255.248
ip address inside 10.0.0.254 255.255.255.0
ip address applan 172.30.1.198 255.255.254.0
no ip address intf3
no ip address intf4
no ip address intf5
ip audit info action alarm
ip audit attack action alarm
ip local pool MYVPN1 10.1.1.1-10.1.1.254
ip local pool MYVPN2 172.30.0.1-172.30.0.100
pdm location 10.0.0.0 255.255.255.0 inside
pdm location 172.30.0.0 255.255.254.0 applan
pdm location 10.0.0.142 255.255.255.255 inside
pdm location 10.1.1.0 255.255.255.0 inside
pdm location 172.30.0.0 255.255.0.0 inside
pdm location 172.30.0.0 255.255.0.0 applan
pdm location T21 255.255.255.255 applan
arp timeout 14400
global (outside) 1 193.120.151.105
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (applan,outside) T21 T21 netmask 255.255.255.255 0 0
access-group 102 in interface outside
route outside 0.0.0.0 0.0.0.0 123.123.123.1 1
http server enable
http 10.0.0.142 255.255.255.255 inside
http T21 255.255.255.255 applan
sysopt connection permit-ipsec
crypto ipsec transform-set trns1 esp-3des esp-sha-hmac
crypto ipsec transform-set trmset1 esp-3des esp-sha-hmac
crypto dynamic-map map2 10 set transform-set trmset1
crypto map map1 10 ipsec-isakmp dynamic map2
crypto map map1 interface outside
isakmp enable outside
isakmp identity address
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup user1 address-pool MYVPN1
vpngroup user1 idle-time 600
vpngroup user1 password ********
vpngroup user2 address-pool MYVPN1
vpngroup user2 idle-time 1800
vpngroup user2 password ********
vpngroup user3 address-pool MYVPN2
vpngroup user3 idle-time 1800
vpngroup user3 password ********
vpngroup user4 address-pool MYVPN1
vpngroup user4 idle-time 1800
vpngroup user4 password ********
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 15
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
console timeout 0
dhcpd address 10.0.0.101-10.0.0.200 inside
dhcpd dns 123.111.9.1 123.111.9.48
dhcpd lease 3000
dhcpd ping_timeout 1000
dhcpd enable inside
username xxxxxx password KLWAlZDJtG1F7IEH encrypted privilege 2
: end
VPNFW#