Don't know if this is still of interest, but I had the same problem using Client V1.1 until I added:
sysopt ipsec pl-compatible
According to the PIX documentation, this should not be needed and is included for legacy support. But, you know, you go with what works.
I recently completed the Academy curriculum for CCNA. The materials teach you "the world according to Cisco," and from what I gather, this is important for passing the exam.
I had a strong computer background, but was new to networking. Your success will depend on how strong your...
After consulting this site and scouring the Cisco documents, I figured out how to do the site-site thing. What a pain in the ass--finding the right info, that is. (BTW, I hope noone at Cisco *really* said this can't be done; their docs say in numerous places that it can.)
It's not hard to do...
This should do it:
access-list 130 deny ip host 199.218.125.23 any
access-list 130 permit ip any any
access-group 130 in interface inside
199.218.125.23 will only be able to communicate with hosts on the inside interface's segment(s).
-db
"If possible, it would nice if the vpnclients could access the internet as well, but I guess thats only possible by split-tunnel or a proxy on the inside and that´s out of the question."
The users are coming *in* through the public internet. They already have access to it. The...
"
access-list 130 deny smtp any host 199.218.125.23 eq smtp
access-list 130 permit ip any any
access-group 130 in interface inside
"
In the first line, I don't think that the first "smtp" is legal. You need to specify tcp, udp, icmp, or ip there.
Your statement would read...
My PIX 506 configuration has a "route inside 172.30.0.0 255.255.0.0 172.20.x.x 1" command.
I am in the .20 network; my default gateway is the inside interface of the PIX.
When I try to ping a host on the .30 network, it constantly times out. I would think that this command would...
Slightly OT, but how do you find a specific numbered thread?
I didn't see an option for thread ID on the search page, and
doing a keyword search gave hundreds of hits.
-db
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.