Could someone please help? I cannot establish a connection to an outside PIX (at a.b.c.d) with my Cisco VPN client (Version 3.5.1(E)) because it is (apparently) being blocked by the local PIX firewall. The error I get in the local PIX syslog is:
Local4.Error 192.168.0.1 %PIX-3-106011: Deny inbound (No xlate) udp source outside a.b.c.d/500 dst outside w.x.y.z/500
My access-list contains this:
access-list letmein permit udp any w.x.y.0 255.255.255.224 eq isakmp (hitcnt=0)
access-list letmein permit udp any any eq isakmp (hitcnt=0)
A show xlate shows this:
PAT Global w.x.y.z(13) Local 192.168.0.86(500)
show nat:
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
show global:
global (outside) 1 w.x.y.z netmask 255.255.255.255
I think one of the key points is the Local4.Error shows "dst outside" as opposed to "dst inside".
I can get around this if I use a static NAT translation, but I don't want to have to set one up for each laptop attempting to VPN. Any advice would be greatly appreciated.
Thanks
-gbiello
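
Added example, not part of the original post: a small Python check that correlates a %PIX-3-106011 "No xlate" deny with the PAT entries from show xlate. It reports when the denied destination port exists only as the local side of a PAT slot whose global port differs, which is the relationship visible in the output quoted above (global port 13, local port 500). The function names and the sample addresses (documentation ranges) are constructed for illustration; the two line formats are the ones quoted in the post.

```python
import re

# %PIX-3-106011 deny line, in the format quoted in the post
DENY_RE = re.compile(
    r"%PIX-3-106011: Deny inbound \(No xlate\) (?P<proto>\w+) "
    r"source (?P<src_if>\S+) (?P<src_ip>[^/\s]+)/(?P<src_port>\d+) "
    r"dst (?P<dst_if>\S+) (?P<dst_ip>[^/\s]+)/(?P<dst_port>\d+)"
)
# "show xlate" PAT entry, in the format quoted in the post
PAT_RE = re.compile(
    r"PAT Global (?P<g_ip>[^(\s]+)\((?P<g_port>\d+)\) "
    r"Local (?P<l_ip>[^(\s]+)\((?P<l_port>\d+)\)"
)

def parse_xlate(text):
    """Return PAT slots as (global_ip, global_port, local_ip, local_port)."""
    return [(m["g_ip"], int(m["g_port"]), m["l_ip"], int(m["l_port"]))
            for m in PAT_RE.finditer(text)]

def explain_denies(syslog_text, xlate_text):
    """Match each 106011 deny against the PAT table and describe the gap."""
    xlates = parse_xlate(xlate_text)
    findings = []
    for m in DENY_RE.finditer(syslog_text):
        dst_ip, dst_port = m["dst_ip"], int(m["dst_port"])
        # A slot the inbound packet could have used: same global IP and port.
        exact = [x for x in xlates if x[0] == dst_ip and x[1] == dst_port]
        # Slots where PAT rewrote that port: local port matches, global differs.
        remapped = [x for x in xlates
                    if x[0] == dst_ip and x[3] == dst_port and x[1] != dst_port]
        findings.append({
            "peer": (m["src_ip"], int(m["src_port"])),
            "denied_dst": (dst_ip, dst_port),
            "exact_match": bool(exact),
            "remapped": remapped,
        })
    return findings

if __name__ == "__main__":
    # Constructed sample input using documentation address ranges.
    syslog = ("Local4.Error 192.168.0.1 %PIX-3-106011: Deny inbound (No xlate) "
              "udp source outside 203.0.113.10/500 dst outside 198.51.100.5/500")
    xlate = "PAT Global 198.51.100.5(13) Local 192.168.0.86(500)"
    for f in explain_denies(syslog, xlate):
        print(f["denied_dst"], "exact xlate:", f["exact_match"])
        for g_ip, g_port, l_ip, l_port in f["remapped"]:
            print(f"  {l_ip}:{l_port} is translated to {g_ip}:{g_port}")
```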