Boydiebloke
Technical User
I have recently set up a PIX 501 firewall to VPN on to as remote access. The PIX box is happily accepting connections and the connection is stable, but I cannot get to any part of the network behind it. I am able to ping the WAN side, but when I try to ping the LAN side it does not pass the packet through (light flashes on WAN side but not on LAN) and discards it.
Any advice would be much appreciated.
Please find config below (missing the good bits though)
PIX Version 6.1(3)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password fTaL3WVg0jAXYO/Z encrypted
passwd fTaL3WVg0jAXYO/Z encrypted
hostname Ramsgate
domain-name xxxxxx
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
name 10.0.0.1 Ramsgate-server
access-list outside_access_in permit tcp any host x.x.x.212 eq 1723
access-list outside_access_in permit gre any host x.x.x.x
access-list 101 permit icmp host 10.0.0.251 host Ramsgate-server
access-list 101 permit ip host 10.0.0.251 host Ramsgate-server
access-list 101 permit tcp host 10.0.0.251 host Ramsgate-server
access-list 101 permit udp host 10.0.0.251 host Ramsgate-server
pager lines 24
interface ethernet0 10baset
interface ethernet1 10full
mtu outside 1500
mtu inside 1500
ip address outside x.x.x.x x.x.x.x
ip address inside 10.0.0.4 255.255.255.0
ip verify reverse-path interface outside
ip audit info action alarm
ip audit attack action alarm
ip local pool pptp 10.0.0.251-10.0.0.252
pdm location Ramsgate-server 255.255.255.255 inside
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) x.x.x.x Ramsgate-server netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
http server enable
http 10.0.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
no floodguard enable
sysopt connection permit-pptp
no sysopt route dnat
telnet 10.0.0.0 255.255.255.0 inside
telnet timeout 10
ssh timeout 5
vpdn group ramsgate accept dialin pptp
vpdn group ramsgate ppp authentication mschap
vpdn group ramsgate ppp encryption mppe 40
vpdn group ramsgate client configuration address local pptp
vpdn group ramsgate client configuration dns Ramsgate-server
vpdn group ramsgate client configuration wins Ramsgate-server
vpdn group ramsgate pptp echo 300
vpdn group ramsgate client authentication local
vpdn username x password x
vpdn username x password x
vpdn enable outside
terminal width 80
Cryptochecksum:fec34716279b42e05bda997f44603efd