Hello,
I have a PIX 520 Version 6.3 running 5 site-to-site's, 4 with corresponding PIX's and 1 with a nortel contivity.
all site-to-site tunnels are up and functional.
I recently configured my PIX for aaa authentication using RADIUS authentication for VPN clients.
after configuring the...
themut,
your solution was right.
I static natted the internal IP to an external and opened up ports 50, 51 and udp 500 in the access list on the outside interface and it worked.
I tried leaving just the access-list ports (50,51,500 on external interface) open and port mapping (instead of...
by configuring a static translation on the PIX for the VPN client do you mean configuring a static translation for one of the machines inside the other network to its PIX?
I assumed that adding the command "sysopt connection permit-ipsec" would drop the need to specifically open up...
hi all,
I'm having a problem trying to successfully connect to networks behind firewalls from behind my PIX firewall.
we connect to about 10 to 15 sites and most sites require us to VPN in using CISCO client software.
we can successfully dial in with the CISCO client software but cannot...
also do the same for the access list for the TCP command line on the inside interface.
add
access-list acl_inside permit tcp any any
remove
access-list acl_inside permit tcp any any eq domain.
since you are using port mapping you gotta allow internal-to-external access through all ports...
add the following line to your PIX firewall configuration
access-list acl_inside permit udp any any
remove the following
access-list acl_inside permit udp any any eq domain
this will fix your internet access from behind the firewall.
Hi yizhar,
could you please elaborate on the access list and access group problem
I changed the icmp access list id to 100 and also added a new access group statement to identify id 100 with the inside interface, which means acl_in is now only used with the natting statement used while...
hey all,
have a question about outbound traffic from a high level interface to a low level interface.
for some odd reason the pix is not allowing any outbound traffic on any port except icmp (ping)
there are no explicit denies or any rules to hinder outbound traffic and it is true that...
hey themut and dx1,
thanx for the info, it works well. i can VPN in and everything works well.
Thanx once again.
I set the access list as u suggested but the other way around
access-list acl_in permit ip 10.90.10.0 255.255.255.0 10.90.100.0 255.255.255.0
just out of...
hi DX1 and themut,
i changed to a different subnet range for the vpn assignments but i still can't access the servers and workstations inside.
the pix internal interface has the ip 10.90.10.253. when posting the question initially here, i had vpn set to assign in the range...
hi,
just need a little guidance on how to set the right subnet mask for IP's being assigned by the PIX vpn device.
the following IP's have been configured for vpn assignment
10.90.10.111-10.90.10.120.
IP's in the 10.90.10.0-255 (excluding 111-120) range with a subnet mask of 255.255.255.0 are...
hi, thank you for the tip but i don't have the pix setup for isakmp and crypto traffic.
I have it setup for very basic pptp traffic using the windows pptp client dialer.
Please advise
thank you
hi all,
this is my first crack at the PIX.
I wanna be able to allow users to VPN into the office remotely.
I just can't seem to get the PIX to allow inbound basic pptp connections
the error I get when i try and dial in through MS VPN dialer is this
error 651: the modem (or other...