PIX VPN

Discussion in 'Cisco' started by Ned, Jun 9, 2009.

    Ned Guest

    My VPN is working OK and I can VPN in (user3) from outside. I get IP
    address 172.30.0.1/16, but I cannot ping a PC on the "applan" with address
    172.30.1.199/23. Is there something wrong with my access-lists?
    TIA, Ned

    VPNFW# show run
    : Saved
    :
    PIX Version 6.3(4)

    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    nameif ethernet2 applan security10
    hostname VPNFW
    domain-name mineown.com
    names
    name 172.30.1.199 T21

    access-list 102 permit tcp any any eq www
    access-list 102 permit icmp any any
    access-list 102 permit icmp any any echo-reply
    access-list 102 permit ip any any
    access-list 101 permit ip 10.0.0.0 255.255.255.0 10.1.1.0 255.255.255.0
    access-list 101 permit ip 10.0.0.0 255.255.255.0 172.30.0.0 255.255.0.0
    access-list 101 permit ip 172.30.0.0 255.255.0.0 10.0.0.0 255.255.255.0
    access-list 101 permit ip 10.1.1.0 255.255.255.0 10.0.0.0 255.255.255.0
    access-list 101 permit ip 172.30.0.0 255.255.0.0 172.30.0.0 255.255.0.0
    access-list 101 permit ip 10.1.1.0 255.255.255.0 172.30.0.0 255.255.0.0
    pager lines 24

    mtu intf5 1500
    ip address outside 123.123.123.2 255.255.255.248
    ip address inside 10.0.0.254 255.255.255.0
    ip address applan 172.30.1.198 255.255.254.0
    no ip address intf3
    no ip address intf4
    no ip address intf5
    ip audit info action alarm
    ip audit attack action alarm
    ip local pool MYVPN1 10.1.1.1-10.1.1.254
    ip local pool MYVPN2 172.30.0.1-172.30.0.100

    pdm location 10.0.0.0 255.255.255.0 inside
    pdm location 172.30.0.0 255.255.254.0 applan
    pdm location 10.0.0.142 255.255.255.255 inside
    pdm location 10.1.1.0 255.255.255.0 inside
    pdm location 172.30.0.0 255.255.0.0 inside
    pdm location 172.30.0.0 255.255.0.0 applan
    pdm location T21 255.255.255.255 applan

    arp timeout 14400
    global (outside) 1 193.120.151.105
    nat (inside) 0 access-list 101
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    static (applan,outside) T21 T21 netmask 255.255.255.255 0 0
    access-group 102 in interface outside
    route outside 0.0.0.0 0.0.0.0 123.123.123.1 1

    http server enable
    http 10.0.0.142 255.255.255.255 inside
    http T21 255.255.255.255 applan

    sysopt connection permit-ipsec
    crypto ipsec transform-set trns1 esp-3des esp-sha-hmac
    crypto ipsec transform-set trmset1 esp-3des esp-sha-hmac
    crypto dynamic-map map2 10 set transform-set trmset1
    crypto map map1 10 ipsec-isakmp dynamic map2
    crypto map map1 interface outside
    isakmp enable outside
    isakmp identity address
    isakmp nat-traversal 20
    isakmp policy 10 authentication pre-share
    isakmp policy 10 encryption 3des
    isakmp policy 10 hash sha
    isakmp policy 10 group 2
    isakmp policy 10 lifetime 86400
    vpngroup user1 address-pool MYVPN1
    vpngroup user1 idle-time 600
    vpngroup user1 password ********
    vpngroup user2 address-pool MYVPN1
    vpngroup user2 idle-time 1800
    vpngroup user2 password ********
    vpngroup user3 address-pool MYVPN2
    vpngroup user3 idle-time 1800
    vpngroup user3 password ********
    vpngroup user4 address-pool MYVPN1
    vpngroup user4 idle-time 1800
    vpngroup user4 password ********
    telnet 0.0.0.0 0.0.0.0 inside
    telnet timeout 15
    ssh 0.0.0.0 0.0.0.0 outside
    ssh timeout 5
    console timeout 0
    dhcpd address 10.0.0.101-10.0.0.200 inside
    dhcpd dns 123.111.9.1 123.111.9.48
    dhcpd lease 3000
    dhcpd ping_timeout 1000
    dhcpd enable inside
    username xxxxxx password KLWAlZDJtG1F7IEH encrypted privilege 2

    : end
    VPNFW#
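An added check, not part of Ned's post or of Cisco's tooling: it parses the `ip address` and `ip local pool` lines quoted in the config above and reports any VPN address pool whose range lands inside an interface's own subnet, since hosts on that subnet will ARP for such addresses locally instead of routing replies back to the firewall. The parsing is deliberately minimal and assumes only Python 3's standard `ipaddress` module.

```python
"""Check VPN client address pools against firewall interface subnets."""
import ipaddress

# Constructed sample input: the relevant lines copied from the posted config.
CONFIG = """
ip address outside 123.123.123.2 255.255.255.248
ip address inside 10.0.0.254 255.255.255.0
ip address applan 172.30.1.198 255.255.254.0
ip local pool MYVPN1 10.1.1.1-10.1.1.254
ip local pool MYVPN2 172.30.0.1-172.30.0.100
"""


def parse_interfaces(text):
    """Return {interface: IPv4Network} for each 'ip address <if> <addr> <mask>' line."""
    nets = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[:2] == ["ip", "address"]:
            # ip_interface accepts a dotted-decimal mask after the slash.
            nets[parts[2]] = ipaddress.ip_interface(f"{parts[3]}/{parts[4]}").network
    return nets


def parse_pools(text):
    """Return {pool: [IPv4Network, ...]} covering each 'ip local pool' range."""
    pools = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[:3] == ["ip", "local", "pool"]:
            first, last = (ipaddress.ip_address(a) for a in parts[4].split("-"))
            pools[parts[3]] = list(ipaddress.summarize_address_range(first, last))
    return pools


def pool_conflicts(text):
    """List (pool, interface, subnet) tuples where a pool overlaps an interface subnet.

    A client address inside a directly connected subnet is treated as on-link by
    the hosts there, so their replies never reach the firewall's tunnel.
    """
    nets = parse_interfaces(text)
    conflicts = []
    for pool, ranges in parse_pools(text).items():
        for name, net in nets.items():
            if any(net.overlaps(r) for r in ranges):
                conflicts.append((pool, name, str(net)))
    return conflicts


if __name__ == "__main__":
    for pool, name, net in pool_conflicts(CONFIG):
        print(f"pool {pool} overlaps interface {name} ({net})")
```

Run against the posted config it flags MYVPN2 against the applan subnet 172.30.0.0/23, while MYVPN1 (10.1.1.0/24) overlaps no interface.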
