Firewall Wizards mailing list archives

cisco crypto dynamic map problem?


From: "Meindert Uitman" <meindert.uitman () avic nl>
Date: Thu, 1 May 2003 17:04:35 +0200

Here's the story:
Cisco's VPN client 3.5 once connected to my PIX 515. All worked fine. After
accidentally overwriting the configuration and re-entering it, :-{ , clients
can connect, but traffic through the PIX isn't possible.

In short:

ip local pool defined
acl 101 permit ip for ip local pool
acl 102 permit ip for cryptomap 'q'
nat 0 for acl 101
static(inside,outside) public_ip_TS_server local_ip netmask

sysopt connection permit ipsec
isakmp and vpngroup defined

crypto ipsec transform-set 'a'
crypto dynamic-map 'q' nn match adr acl 102
crypto dynamic-map 'q' nn set transform set 'a'

crypto map oustside-map nnnn ipsec-isakmp dynamic 'q'
crypto map oustside-map interface outside

vpn client connects to outside intf of pix.
Terminal services tries to connect to static for TS-server.
vpn client states 'connected' (correct address from ip local pool). Pix
logging shows: SAs established.
After attempts to 'terminal-service' through the Pix, Pix logging shows:
deny inbound, no xlate src  correct_ip_local_pool dst
outside_publ_addr_client_machine

Looked over the config several times; could use a pointed stick towards a
solution.
Thanks in advance.
