Hello,
I have one question. I use a PIX with 6.2(2) and can't connect from the VPN client to web access via split-tunneling.
access-list VPN_splitTunnelAcl permit ip any any
access-list 60 permit ip 10.0.242.0 255.255.255.0 any
access-list 50 permit ip 11.0.0.0 255.0.0.0 10.0.242.0 255.255.255.0
ip local pool VPN-Client 10.0.242.1-10.0.242.29
ip address outside ooo.ooo.ooo.148 255.255.255.224
ip address inside 11.ii.ii.ii 255.255.255.0
nat (inside) 0 access-list 50
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set transform-set TRANS_ESP_3DES_SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map client authentication TACACS+
crypto map outside_map interface outside
vpngroup VPN address-pool VPN-Client
vpngroup VPN dns-server xxx.xxx.xxx.xxx
vpngroup VPN wins-server xxx.xxx.xxx.xxx
vpngroup VPN default-domain xxx.xxx
vpngroup VPN split-tunnel 50
vpngroup VPN idle-time 1800
vpngroup VPN password ****
My problem: the client can access the inside network with no problem, but when I try a connection to the Internet it does not connect, and the PIX gives me an error like:
106011: Deny inbound (No xlate) tcp src outside:2.2.2.2/3730 dst outside:172.177.120.254/4662
2.2.2.2 is the Internet address that comes from the provider.
I tried access-lists 50, 60 and VPN_splitTunnelAcl: no access.
Thanks for the help, and please excuse my English.
thorben