
Cisco PIX access-list VPN problem

Status
Not open for further replies.

CHOUM

IS-IT--Management
Jun 24, 2003
22
FR
Hello,

I have a PIX 515E with 9 VPNs established, but they are all open.
ex : 10.1.0.0/16 <=> 192.78.225.0/24 all open

It works fine.

But I want to make some restrictions:
ex: 10.1.3.0/24 <=> 192.78.225.0/24
10.1.100.0/24 <=> 192.78.225.0/24

But here nothing passes through the VPN... Does the mask stress the PIX? What could it be?
(I reset all caches, rebooted the PIX, etc... nothing helps. When I put the old access-list back, the communication restarts immediately...)

Do you have any tips?
 
To make this work for me I created an address pool
ex: ip local pool mypool 192.168.1.1-192.168.1.254

Then used VPN group
ex.

vpngroup group1-all address-pool mypool

This eliminated the problem I had with no access.

And yes, the correct mask is important.
 
Mm, it's an idea, but how must I do the access-list with it? The PIX doesn't understand the syntax with the address pool...
Do you have an example?
 
What VPN device are you connecting to on the remote side? Your access-lists have to match on each side of the tunnel, so make sure you change the access lists on the remote device also.
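The reply above says the crypto access-lists on the two peers have to be mirror images of each other. As an added example (not part of this thread and not Cisco's code), here is a small Python check that parses PIX-style "access-list NAME permit ip SRC SMASK DST DMASK" lines from both peers, flips the remote side's source/destination, and reports the entries that do not line up. The ACL names and lines are constructed for this example; the local side carries the two narrowed subnets from the question, and the remote side still carries the old wide 10.1.0.0/16 entry. A mask with host bits set (the "mask" worry in the question) is rejected instead of being silently accepted.

```python
import ipaddress
import re

# Constructed sample input (not from the thread): the local peer's crypto ACL
# with the two narrowed subnets, and a remote ACL that still has the old /16.
LOCAL_ACL = """
access-list vpn-remote permit ip 10.1.3.0 255.255.255.0 192.78.225.0 255.255.255.0
access-list vpn-remote permit ip 10.1.100.0 255.255.255.0 192.78.225.0 255.255.255.0
"""

REMOTE_ACL = """
access-list vpn-local permit ip 192.78.225.0 255.255.255.0 10.1.0.0 255.255.0.0
"""

# Only the 'permit ip <net> <mask> <net> <mask>' form is understood here;
# keywords such as 'any' or 'host' are out of scope for this example.
ACL_RE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+permit\s+ip\s+"
    r"(?P<src>\S+)\s+(?P<smask>\S+)\s+(?P<dst>\S+)\s+(?P<dmask>\S+)\s*$"
)


def parse_acl(text):
    """Return a set of (src_network, dst_network) pairs from PIX access-list lines.

    Unsupported lines raise ValueError, and so does a network/mask pair with
    host bits set (strict=True), so a typo in a mask is reported, not ignored.
    """
    entries = set()
    for raw in text.strip().splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ACL_RE.match(line)
        if not m:
            raise ValueError(f"unsupported access-list line: {line}")
        src = ipaddress.ip_network(f"{m['src']}/{m['smask']}", strict=True)
        dst = ipaddress.ip_network(f"{m['dst']}/{m['dmask']}", strict=True)
        entries.add((src, dst))
    return entries


def mirror(entries):
    """Swap source and destination of every entry (the remote peer's view)."""
    return {(dst, src) for src, dst in entries}


def compare_crypto_acls(local_text, remote_text):
    """Check that the remote crypto ACL mirrors the local one.

    Returns the local entries the remote side lacks and the remote entries
    (expressed from the local side's point of view) that the local side lacks.
    Both lists are empty when the two tunnel definitions agree.
    """
    local = parse_acl(local_text)
    remote_seen_locally = mirror(parse_acl(remote_text))
    return {
        "missing_on_remote": sorted(local - remote_seen_locally, key=str),
        "extra_on_remote": sorted(remote_seen_locally - local, key=str),
    }


if __name__ == "__main__":
    report = compare_crypto_acls(LOCAL_ACL, REMOTE_ACL)
    for kind, pairs in report.items():
        for src, dst in pairs:
            print(f"{kind}: {src} -> {dst}")
```

Run against the constructed input it lists the two narrowed entries as missing on the remote peer and the old /16 entry as extra there; once the remote ACL is rewritten with the same two subnets in mirrored order, both lists come back empty.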
 
We manage the security on this side; the other peer allows everything... So it must work...
(I have PIX, Checkpoint or FreeS/WAN on the other side, same problem on each VPN...)
 