Search results for query: *

do a "clear xlate" see if this clears it.

Not allowed to do that, sorry. You have to have a Smartnet with Cisco. It is illegal.

Can you ping anything? If yes can you manually map a drive? If yes, then it is working, browsing is not permitted over VPN.

The above should work. do a "debug crypto isakmp 128" "term mon" and then monitor what goes on.

I am back

Can you do me a diagram? Your PIX is capable of running the V8, buying new may be a waste. If this is VPN, yes it can, normal traffic not sure but I have spare PIX/ASA so can give it a try.

You said it was for a specific VLAN, do you have a target subnet on that vlan? If so, route to that.

I have completely re-written tha access list, all of them. Back up your config and remove ALL access lists and start with the following. IF you do have an internal ISA server make sure that any traffic going through it to the DMZ is not natted otherwise it will not work, have seen this before...

I think the port map error is a red herring. What are your routes reading? You have 2 connections to 2 ISPs, how can you do a route for all zeros to both.

A quick question, are you using a proxy server internally?

We ned to re-write, if you look at the acces-list statements above they are almost the same as the ones I am writing. I will look at this in the morning, re-write and get it back to you. We will definately get this working by tomorrow :-)

no nat (inside) 0 access-list inside_nat0_outbound no nat (inside) 0 access-list inside_nat0_outbound_1 outside nat (inside) 0 access-list nonat

Er, just think I may have seen what the problem is, you do not have a route to the DMZ. route dmz 30.30.30.0 255.255.255.0 30.30.30.100

Er, just think I may have seen what the problem is, you do not have a route to the DMZ. route dmz 30.30.30.0 255.255.255.0 30.30.30.100

also put this in access-list inside_access_in permit tcp object-group local-lan object-group dmz-www object-group www

try this before you do anything nat (dmz) 1 0.0.0.0 0.0.0.0

got to be carefull of the access-list order. Would be easier if we convert all the access-list to use object-groups.

have you removed everything we tried?

You have this:- access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.0.0 255.255.255.128 try changing it to this, do not remove it yet because you can put it back any time. object-group network dmz-www network-object host 30.30.30.1 network-object host...

You have this:- access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.0.0 255.255.255.128 What is the last bit doing by the way, 192.168.0.0 255.255.255.128? is this your VPN clients?