Hello ClimbingColorado,
I think tonight I was trying to do exactly same thing.
Use PIX to sent all traffic from VPN client through external interface and using NAT.
I had problems and found this post.
I also have second PIX and also no luck.
Sounds like intelwizrd might be right about...
Thanks
This is not about the configuration on the PIX or the laptop.
I am able to connect from another location.
Same laptop connected to another network and can not ping, connect, nothing.
looks lie this is the device beetween us.
I was able to connect and authenticate.
In the network monitor...
Hi,
PIX 506E and Cisco VPN Client 4.0.3C
I can establish VPN session, enter user name and password.
Get the DNS, WINS servers. but the default gateway is empty.
I can not get to any resources in internal network.
This is only on one laptop. Other machines work fine.
any idea?
removed Sygate...
I found the problem:
had to change
access-list inside_outbound_nat0_acl permit ip any 172.17.2.0 255.255.255.0
to
access-list inside_outbound_nat0_acl permit ip 200.200.200.0 255.255.255.0 172.17.2.0 255.255.255.0
access-list inside_outbound_nat0_acl permit ip 200.200.201.0 255.255.255.0...
Hi,
We use PIX 506E and VPN Client 401
our vpn users can access internal machines
but they can not access internet
ping to internal hosts works but they can not ping anything outside.
is this because of the NAT disbaled for VPN pool
or the permitions?
regards
xdeq
interface ethernet0...
and one more thing
I agree with BuckWeet that having
"ISP router at 200.200.200.1, and your firewall at 200.200.200.2"
would solve the problem.
but in this case I have to dedicate one public address on
ISP router. and can not use it on PIX for static any more.
Robert
Guys
thank you for the reposnse.
308win
this is not about routing from isp.
because I am connected to the network 172.17.1.0
I can ftp to 200.x.x.10
so that means that static works fine even if the interface ip is 172.17.1.1.
I believe that after I do
add route 200.x.x.x mask 255.255.255.248...
P.S. my client computer is connected
to 172.17.1.0 network
IP:172.17.1.100
gateway:172.17.1.1
static mappings work fine
telnt 200.200.200.10
ftp 200.200.200.10
the idea is that client will connect from the internet so I'd like to use public address 200.200.200.14 rather then
ip on outside...
|
| 192.168.1.254
PIX global (outside) 1 200.200.200.14
| 172.17.1.1
|
| 172.17.1.2
ISP router
| 123.123.123.1
|
internet
I use have PIX 506E and VPN Client 4.0.1
I can establisch vpn connection when use ip address of external interface (172.17.1.1).
But it does not work when I try to...
I found this site very useful.
So keep posting new questions.
I study Cisco PIX Firewall and VPN Configuration Guide, Version 6.3
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/
and can not find the section where they clearly describe what needs to be done to:
1...
I think this is simple question since many of you have this configured already.
what should be addressing on my external interface,
on segment between PIX506E and ISP DSL router?
I have 5 public ips from the ISP.
internal interface is 192.168.1.1
can I use addresses 172.16.1.1(PIX)...
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.