Hello board,
I'm trying to setup my PIX 515-R for remote access and I have hit the wall. I'm
able to receive dhcp from
my configured address pool and DNS, but I'm still unable to ping anything on the
inside. What am I missing
in this config listed below and why am I not receiving a default gateway? I'm
using the Cisco 3K release 4.0.2.D
for my vpn client. Thanks for the help folks....
-Fletch
*********************MY CONFIG******************************
access-list 110 permit ip 172.16.1.0 255.255.255.0 192.168.100.0 255.255.255.0
ip local pool vpnpool 192.168.100.1-192.168.100.25
nat (inside) 0 access-list 110
sysopt connection permit-ipsec
no sysopt route dnat (this command doesn't work in 6.3)
crypto ipsec transform-set vpnset esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set vpnset
crypto map vpnmap 10 ipsec-isakmp dynamic dynmap
crypto map vpnmap interface outside
isakmp enable outside
isakmp identity address
isakmp client configuration address-pool local vpnpool outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup test address-pool vpnpool
vpngroup test dns-server 172.16.1.6
vpngroup test default-domain (blank)
vpngroup test split-tunnel 110
vpngroup test idle-time 1800
vpngroup test password (blank)
I'm trying to setup my PIX 515-R for remote access and I have hit the wall. I'm
able to receive dhcp from
my configured address pool and DNS, but I'm still unable to ping anything on the
inside. What am I missing
in this config listed below and why am I not receiving a default gateway? I'm
using the Cisco 3K release 4.0.2.D
for my vpn client. Thanks for the help folks....
-Fletch
*********************MY CONFIG******************************
access-list 110 permit ip 172.16.1.0 255.255.255.0 192.168.100.0 255.255.255.0
ip local pool vpnpool 192.168.100.1-192.168.100.25
nat (inside) 0 access-list 110
sysopt connection permit-ipsec
no sysopt route dnat (this command doesn't work in 6.3)
crypto ipsec transform-set vpnset esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set vpnset
crypto map vpnmap 10 ipsec-isakmp dynamic dynmap
crypto map vpnmap interface outside
isakmp enable outside
isakmp identity address
isakmp client configuration address-pool local vpnpool outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup test address-pool vpnpool
vpngroup test dns-server 172.16.1.6
vpngroup test default-domain (blank)
vpngroup test split-tunnel 110
vpngroup test idle-time 1800
vpngroup test password (blank)