My VPN is working OK and I can VPN in (user3) from outside. I get the IP
address 172.30.0.1 / 16, but I cannot PING a PC on the "applan" with address
172.30.1.199 / 23. Is there something wrong with my access-lists?
TIA, Ned
VPNFW# show run
: Saved
:
PIX Version 6.3(4)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 applan security10
hostname VPNFW
domain-name mineown.com
names
name 172.30.1.199 T21
access-list 102 permit tcp any any eq www
access-list 102 permit icmp any any
access-list 102 permit icmp any any echo-reply
access-list 102 permit ip any any
access-list 101 permit ip 10.0.0.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list 101 permit ip 10.0.0.0 255.255.255.0 172.30.0.0 255.255.0.0
access-list 101 permit ip 172.30.0.0 255.255.0.0 10.0.0.0 255.255.255.0
access-list 101 permit ip 10.1.1.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list 101 permit ip 172.30.0.0 255.255.0.0 172.30.0.0 255.255.0.0
access-list 101 permit ip 10.1.1.0 255.255.255.0 172.30.0.0 255.255.0.0
pager lines 24
mtu intf5 1500
ip address outside 123.123.123.2 255.255.255.248
ip address inside 10.0.0.254 255.255.255.0
ip address applan 172.30.1.198 255.255.254.0
no ip address intf3
no ip address intf4
no ip address intf5
ip audit info action alarm
ip audit attack action alarm
ip local pool MYVPN1 10.1.1.1-10.1.1.254
ip local pool MYVPN2 172.30.0.1-172.30.0.100
pdm location 10.0.0.0 255.255.255.0 inside
pdm location 172.30.0.0 255.255.254.0 applan
pdm location 10.0.0.142 255.255.255.255 inside
pdm location 10.1.1.0 255.255.255.0 inside
pdm location 172.30.0.0 255.255.0.0 inside
pdm location 172.30.0.0 255.255.0.0 applan
pdm location T21 255.255.255.255 applan
arp timeout 14400
global (outside) 1 193.120.151.105
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (applan,outside) T21 T21 netmask 255.255.255.255 0 0
access-group 102 in interface outside
route outside 0.0.0.0 0.0.0.0 123.123.123.1 1
http server enable
http 10.0.0.142 255.255.255.255 inside
http T21 255.255.255.255 applan
sysopt connection permit-ipsec
crypto ipsec transform-set trns1 esp-3des esp-sha-hmac
crypto ipsec transform-set trmset1 esp-3des esp-sha-hmac
crypto dynamic-map map2 10 set transform-set trmset1
crypto map map1 10 ipsec-isakmp dynamic map2
crypto map map1 interface outside
isakmp enable outside
isakmp identity address
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup user1 address-pool MYVPN1
vpngroup user1 idle-time 600
vpngroup user1 password ********
vpngroup user2 address-pool MYVPN1
vpngroup user2 idle-time 1800
vpngroup user2 password ********
vpngroup user3 address-pool MYVPN2
vpngroup user3 idle-time 1800
vpngroup user3 password ********
vpngroup user4 address-pool MYVPN1
vpngroup user4 idle-time 1800
vpngroup user4 password ********
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 15
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
console timeout 0
dhcpd address 10.0.0.101-10.0.0.200 inside
dhcpd dns 123.111.9.1 123.111.9.48
dhcpd lease 3000
dhcpd ping_timeout 1000
dhcpd enable inside
username xxxxxx password KLWAlZDJtG1F7IEH encrypted privilege 2
: end
VPNFW#
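An added sanity check, not part of the post above and not code from the firewall or Cisco: it parses the `ip address`, `ip local pool` and `nat ... 0 access-list` lines of a PIX 6.x-style configuration and reports any VPN address pool that overlaps a directly connected interface subnet. A pool inside a connected subnet makes the firewall treat remote clients as hosts on that segment (ARP instead of a route), which breaks reachability regardless of what the access-lists permit. The embedded configuration is a constructed excerpt using the addresses from the post; the function and regex names are this example's own. Run on those addresses, it flags that MYVPN2 (172.30.0.1-172.30.0.100) lies inside the applan interface's 172.30.0.0/23 (172.30.1.198 with mask 255.255.254.0).

```python
"""Static checks for a PIX 6.x-style config: VPN pool vs. connected-subnet overlap,
plus which interfaces carry a NAT-exemption (nat 0 access-list) statement."""
import ipaddress
import re

# Constructed excerpt built from the addresses in the post (not the full config).
SAMPLE_CONFIG = """
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 applan security10
access-list 101 permit ip 10.0.0.0 255.255.255.0 172.30.0.0 255.255.0.0
access-list 101 permit ip 172.30.0.0 255.255.0.0 10.0.0.0 255.255.255.0
ip address outside 123.123.123.2 255.255.255.248
ip address inside 10.0.0.254 255.255.255.0
ip address applan 172.30.1.198 255.255.254.0
ip local pool MYVPN1 10.1.1.1-10.1.1.254
ip local pool MYVPN2 172.30.0.1-172.30.0.100
nat (inside) 0 access-list 101
"""

# Hypothetical parser patterns for the three statement types we inspect.
IFACE_RE = re.compile(r"^ip address (\S+) (\S+) (\S+)$")
POOL_RE = re.compile(r"^ip local pool (\S+) (\S+)-(\S+)$")
NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)$")


def parse_interfaces(cfg):
    """Return {interface: IPv4Network} for every 'ip address <if> <addr> <mask>' line."""
    ifaces = {}
    for line in cfg.splitlines():
        m = IFACE_RE.match(line.strip())
        if m:
            name, addr, mask = m.groups()
            # ipaddress accepts a dotted netmask after the slash.
            ifaces[name] = ipaddress.ip_interface(f"{addr}/{mask}").network
    return ifaces


def parse_pools(cfg):
    """Return {pool: (first, last)} for every 'ip local pool <name> <first>-<last>' line."""
    pools = {}
    for line in cfg.splitlines():
        m = POOL_RE.match(line.strip())
        if m:
            name, first, last = m.groups()
            pools[name] = (ipaddress.ip_address(first), ipaddress.ip_address(last))
    return pools


def nat_exempt_interfaces(cfg):
    """Return {interface: acl} for every 'nat (<if>) 0 access-list <acl>' line."""
    return {m.group(1): m.group(2)
            for m in (NAT0_RE.match(l.strip()) for l in cfg.splitlines()) if m}


def pool_overlaps(cfg):
    """Return [(pool, interface)] for every pool whose range intersects a connected subnet.

    The range test is inclusive on both ends, so a pool that only partially
    covers the subnet (or straddles it) is still reported.
    """
    ifaces = parse_interfaces(cfg)
    hits = []
    for pname, (first, last) in parse_pools(cfg).items():
        for iname, net in ifaces.items():
            if first <= net.broadcast_address and last >= net.network_address:
                hits.append((pname, iname))
    return hits


if __name__ == "__main__":
    for pool, iface in pool_overlaps(SAMPLE_CONFIG):
        print(f"pool {pool} overlaps connected subnet on {iface}: "
              f"{parse_interfaces(SAMPLE_CONFIG)[iface]}")
    for iface in parse_interfaces(SAMPLE_CONFIG):
        if iface != "outside" and iface not in nat_exempt_interfaces(SAMPLE_CONFIG):
            print(f"no 'nat ({iface}) 0 access-list' statement on {iface}")
```

The second report in `__main__` is informational: an interface without a `nat 0` exemption can still be reached through a `static`, as the post's `static (applan,outside) T21 T21` shows for one host, so it is a prompt to check that path rather than a fault on its own.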