PIX 515 - Can't get to Internet, but VPN works?

Discussion in 'Cisco' started by Scott Townsend, Jul 24, 2006.

  1. We had a Power outage and I guess I must have not saved a Config somewhere,
    either on the Edge Router or the PIX.

    When I came in, I could get to the internet with no issues. When I restored
    the last working config to the PIX, I was able to Connect to the VPN and now
    I can no longer reach the internet.

    The interesting thing was that in my Saved Config I had the following:

    object-group protocol VPN-PROTOCOLS
     protocol-object ip
     protocol-object tcp
     protocol-object udp
     protocol-object icmp
    object-group network NETWORK-VPN-ALL
     network-object 10.1.0.0 255.255.0.0
     network-object 10.2.0.0 255.255.0.0
     network-object 10.3.0.0 255.255.0.0
     network-object 10.6.0.0 255.255.0.0

    access-list inside_nat extended permit object-group VPN-PROTOCOLS object-group NETWORK-VPN-ALL object-group NETWORK-VPN-ALL
    access-list outside-nat0_outbound extended permit object-group VPN-PROTOCOLS object-group NETWORK-VPN-ALL object-group NETWORK-VPN-ALL
    access-list outside-nat0_inbound extended permit object-group VPN-PROTOCOLS object-group NETWORK-VPN-ALL object-group NETWORK-VPN-ALL

    nat (outside-SF) 0 access-list outside-SF_nat0_outbound
    nat (outside-SF) 0 access-list outside-SF_nat0_inbound outside
    nat (inside-SF) 0 access-list inside_nat

    When I applied the NAT statements, it said something about ACL included
    protocols and then it didn't take the NAT statement.

    I removed the object-group VPN-PROTOCOLS and replaced it with 'ip' and I
    was able to get to the Remote Site VPN. Now I can't even telnet to the Edge
    Router.

    What is the best way to troubleshoot this?

    Thank you

    Scott<-
     
    Scott Townsend, Jul 24, 2006
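
Added example, not part of the original post: a small Python lint over the configuration lines quoted above. It assumes, consistent with the error the poster describes, that an ACL used for NAT exemption (nat 0 access-list) may only match on ip, and it also checks that every nat statement references an access-list name that is actually defined. The function name lint_nat_exemption is hypothetical.

```python
import re

# Protocol group, ACLs and nat lines from the post (wrapped lines rejoined; network group omitted).
CONFIG = """\
object-group protocol VPN-PROTOCOLS
 protocol-object ip
 protocol-object tcp
 protocol-object udp
 protocol-object icmp
access-list inside_nat extended permit object-group VPN-PROTOCOLS object-group NETWORK-VPN-ALL object-group NETWORK-VPN-ALL
access-list outside-nat0_outbound extended permit object-group VPN-PROTOCOLS object-group NETWORK-VPN-ALL object-group NETWORK-VPN-ALL
access-list outside-nat0_inbound extended permit object-group VPN-PROTOCOLS object-group NETWORK-VPN-ALL object-group NETWORK-VPN-ALL
nat (outside-SF) 0 access-list outside-SF_nat0_outbound
nat (outside-SF) 0 access-list outside-SF_nat0_inbound outside
nat (inside-SF) 0 access-list inside_nat
"""

def lint_nat_exemption(config):
    """Return (acl_name, problem) pairs for every 'nat (if) 0 access-list' reference."""
    proto_groups, acl_protos, findings = {}, {}, []
    group = None  # protocol object-group currently being read, if any
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    for line in lines:
        tok = line.split()
        if tok[:2] == ["object-group", "protocol"]:
            group = tok[2]
            proto_groups[group] = set()
        elif tok[0] == "protocol-object" and group:
            proto_groups[group].add(tok[1])
        else:
            group = None
        # Protocol field of an extended ACL entry: a literal or a protocol object-group.
        m = re.match(r"access-list (\S+) extended (?:permit|deny) (object-group (\S+)|\S+)", line)
        if m:
            protos = proto_groups.get(m.group(3), set()) if m.group(3) else {m.group(2)}
            acl_protos.setdefault(m.group(1), set()).update(protos)
    for line in lines:
        m = re.match(r"nat \((\S+)\) 0 access-list (\S+)", line)
        if not m:
            continue
        name = m.group(2)
        if name not in acl_protos:
            findings.append((name, "no access-list with this name is defined"))
        elif acl_protos[name] - {"ip"}:  # assumption: exemption ACLs may match ip only
            extra = ", ".join(sorted(acl_protos[name] - {"ip"}))
            findings.append((name, "matches protocols other than ip: " + extra))
    return findings

if __name__ == "__main__":
    print(*lint_nat_exemption(CONFIG), sep="\n")
```

Run against a full saved config before restoring it; an empty result means every NAT exemption statement points at a defined, ip-only ACL.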