PIX VPN client connect to Internal
  • PIX VPN client connect to Internal

    Hi,

    I have a PIX 515e configured with VPN remote access.
    The VPN client successfully connected from outside.

    The VPN IP pool is 172.19.100.101~

    How can the VPN client access an internal server with IP 172.59.1.10?

    Below is the simplified version of the config:
    =~=~=~=~=~=~=~=~=~=~=~=
    sh run
    : Saved
    :
    PIX Version 6.3(1)


    access-list outside_access_in permit ip 172.19.100.96 255.255.255.240 interface inside
    access-list inside_outbound_nat0_acl permit ip any 172.19.100.96 255.255.255.240
    access-list inside_outbound_nat0_acl permit ip any host 172.59.1.1
    access-list inside_outbound_nat0_acl permit ip host 172.19.100.64 host knizam
    access-list outside_cryptomap_dyn_20 permit ip any 172.19.100.96 255.255.255.240
    access-list outside_cryptomap_20 permit ip host 172.19.100.64 host knizam
    no pager
    logging on
    logging timestamp
    logging trap warnings
    logging facility 22
    logging device-id string pixfirewall
    logging host inside Linux_File_Srv
    mtu outside 1500
    mtu inside 1500
    mtu intf2 1500
    ip address outside 203.x.x.27 255.255.255.248
    ip address inside 172.19.100.20 255.0.0.0
    no ip address intf2
    ip verify reverse-path interface outside
    ip verify reverse-path interface inside
    ip audit info action alarm
    ip audit attack action alarm
    ip local pool klccippool 172.19.100.101-172.19.100.105

    arp timeout 14400
    global (outside) 10 interface
    nat (inside) 0 access-list inside_outbound_nat0_acl
    nat (inside) 10 0.0.0.0 0.0.0.0 0 0

    static (inside,outside) 203.x.x.26 172.19.100.64 netmask 255.255.255.255 0 0
    static (inside,outside) 172.19.100.20 172.19.100.20 netmask 255.255.255.255 0 0
    access-group outside_access_in in interface outside
    access-group inside_access_in in interface inside
    route outside 0.0.0.0 0.0.0.0 203.x.x.25 1

    http 0.0.0.0 0.0.0.0 outside
    http 172.19.100.64 255.255.255.255 inside
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    floodguard enable
    sysopt connection permit-ipsec
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
    crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5
    crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-MD5
    crypto map outside_map 20 ipsec-isakmp
    crypto map outside_map 20 match address outside_cryptomap_20
    crypto map outside_map 20 set peer 219.x.x.58
    crypto map outside_map 20 set transform-set ESP-3DES-MD5
    crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
    crypto map outside_map client authentication LOCAL
    crypto map outside_map interface outside
    isakmp enable outside
    isakmp key ******** address 219.x.x.58 netmask 255.255.255.255 no-xauth no-config-mode
    isakmp policy 20 authentication pre-share
    isakmp policy 20 encryption 3des
    isakmp policy 20 hash md5
    isakmp policy 20 group 2
    isakmp policy 20 lifetime 86400
    vpngroup KLCCVPN address-pool klccippool
    vpngroup KLCCVPN dns-server 203.x.x.25 203.x.x.24
    vpngroup KLCCVPN idle-time 1800
    vpngroup KLCCVPN password ********

    terminal width 80
    Cryptochecksum:22250d7d80645125e7ff8619818ddcc0
    : end

    IST#

  • #2
    Re: PIX VPN client connect to Internal

    I do not have enough information to help you. Could you please provide a sanitized running config from your PIX firewall? I do not see, for example, any info about tunnel-groups now.

    Regards.
