«

- I m using Pix 525 and Cisco VPN Clinet on XP. I am successly able to
establsihed the connection.
A remote user throug modem / ISP is able to connect to my pix firewall
after the authenticaiton from AAA server. On successful connection, a
IP address is alloted to the remote client from the Pool, but the
client is not able to ping the internal network.

Internal network 172.16.1.0 /24
Pool Network 172.16.2.0 /24

Which access list should I apply so that the remote clinet (POOL) can
access the Intennal network ( Domain server, Mail Server) and what
other services can I use.

By default PIX blocks from a higher security to lower security
interface. With Access VPN, even though you have successfully
connected and gotten and address you still have to have an ACL to
permit traffic to Inside. Try an Any-Any ACL with a Source address of
172.16.2.0/24. Apply it from Outside to Inside. It is easiest to do
this with the PDM GUI tool on the PIX.

Steve Griffin
www.blueconsole.com (Bluetooth Wireless Console Cable)