Firewall Wizards mailing list archives
cisco crypto dynamic map problem?
From: "Meindert Uitman" <meindert.uitman () avic nl>
Date: Thu, 1 May 2003 17:04:35 +0200
Here's the story: Cisco's VPN client 3.5 once connected to my pix515. All worked fine. After accidentally overwriting the configuration, and reentering it, :-{ , clients can connect, but traffic through the pix isn't possible.

In short:

    ip local pool defined
    acl 101 permit ip for ip local pool
    acl 102 permit ip for cryptomap 'q'
    nat 0 for acl 101
    static(inside,outside) public_ip_TS_server local_ip netmask
    sysopt connection permit ipsec
    isakmp and vpngroup defined
    crypto ipsec transform-set 'a'
    crypto dynamic-map 'q' nn match adr acl 102
    crypto dynamic-map 'q' nn set transform set 'a'
    crypto map oustside-map nnnn ipsec-isakmp dynamic 'q'
    crypto map oustside-map interface outside

The VPN client connects to the outside interface of the pix. Terminal services tries to connect to the static for the TS server. The VPN client states 'connected' (correct address from ip local pool). Pix logging shows: SAs established. After attempts to 'terminal-service' through the pix, pix logging shows:

    deny inbound, no xlate src correct_ip_local_pool dst outside_publ_addr_client_machine

Overlooked config several times, could use a pointed stick towards solution..

Thanks in advance..

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- cisco crypto dynamic map problem? Meindert Uitman (May 01)
- Re: cisco crypto dynamic map problem? Dave Rinker (May 02)