Firewall Wizards mailing list archives
Cisco PIX to FW-1 VPN with policy NAT help request
From: "Kari Mattsson (km#)" <km1 () trivore com>
Date: Mon, 1 Dec 2003 18:37:43 +0200 (EET)
Hi! I have a slight problem :-) It is probably an easy one for you.. I can get the VPN tunnel up ok, but ping/telnet/etc. isn't going through. On the FW-1 end they claim traffic is coming in from the 10.1.1.0/24 network, which is not allowed. That is also why my pings are not answered. I'm trying to PAT all the traffic to IP 133.15.75.35. Any hints why I'm not succeeding?

Here are some of the fragments of my configuration. Public IPs are imaginary.

access-list acl2 permit icmp 10.1.1.0 255.255.255.0 any
access-list acl2 permit ip 10.1.1.0 255.255.255.0 any
access-group inside_acl in interface inside
access-list acl3 permit icmp 10.1.1.0 255.255.255.0 host 192.189.32.128
access-list acl3 permit ip 10.1.1.0 255.255.255.0 host 192.189.32.128
global (outside) 99 133.15.75.36-133.15.75.59 netmask 255.255.255.224
global (outside) 99 133.15.75.60 netmask 255.255.255.224
global (outside) 11 133.15.75.35 netmask 255.255.255.224
nat (inside) 0 access-list no_nat
nat (inside) 11 access-list acl3 0 0
nat (inside) 99 10.1.1.0 255.255.255.0 0 0
crypto map map7 10 ipsec-isakmp
crypto map map7 10 match address acl3
crypto map map7 10 set peer 223.10.2.8
crypto map map7 10 set transform-set 3des-md5
crypto map map7 10 set security-association lifetime seconds 86400
isakmp key ******** address 223.10.2.8 netmask 255.255.255.255 no-xauth

//km1 () trivore com

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
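Editor's note, added to the archive page and not part of Kari's post: the fragment below is a reference layout for policy PAT in front of a PIX 6.x IPsec tunnel, written with the imaginary addresses from the post. It is not the poster's configuration, and the ACL names vpn_nat, vpn_crypto and the contents of no_nat are assumptions. Two PIX behaviours drive the layout: outbound packets are translated before the crypto map is evaluated, so the interesting-traffic ACL is written against the translated address rather than the inside network; and nat 0 access-list (NAT exemption) is matched before any numbered nat statement, so its ACL must not also cover the VPN destination or the packets leave untranslated.

```cisco
! Added reference configuration (not the original poster's). Assumed names:
! vpn_nat, vpn_crypto, no_nat. Public addresses are the imaginary ones from
! the post: inside 10.1.1.0/24, PAT address 133.15.75.35, remote host
! 192.189.32.128 behind FW-1 peer 223.10.2.8.

! NAT exemption is evaluated first. Its ACL must NOT match traffic to the
! VPN destination; if it does, the packets are sent with 10.1.1.x sources.
! Assumed unrelated exemption for an internal range:
access-list no_nat permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0
nat (inside) 0 access-list no_nat

! Policy PAT: only traffic from 10.1.1.0/24 to the remote host is PATed to .35.
access-list vpn_nat permit ip 10.1.1.0 255.255.255.0 host 192.189.32.128
global (outside) 11 133.15.75.35 netmask 255.255.255.224
nat (inside) 11 access-list vpn_nat 0 0

! General PAT pool for everything else from the inside network.
global (outside) 99 133.15.75.36-133.15.75.59 netmask 255.255.255.224
global (outside) 99 133.15.75.60 netmask 255.255.255.224
nat (inside) 99 10.1.1.0 255.255.255.0 0 0

! Crypto ACL uses the post-NAT source. NAT runs before the crypto map match
! on outbound packets, so an ACL written for 10.1.1.0/24 never matches here.
access-list vpn_crypto permit ip host 133.15.75.35 host 192.189.32.128

crypto ipsec transform-set 3des-md5 esp-3des esp-md5-hmac
crypto map map7 10 ipsec-isakmp
crypto map map7 10 match address vpn_crypto
crypto map map7 10 set peer 223.10.2.8
crypto map map7 10 set transform-set 3des-md5
crypto map map7 10 set security-association lifetime seconds 86400
crypto map map7 interface outside
isakmp key ******** address 223.10.2.8 netmask 255.255.255.255 no-xauth

! Let decrypted return traffic bypass the outside interface ACL.
sysopt connection permit-ipsec
```

Checks once this is in place: `show xlate` should show 10.1.1.x hosts mapped to 133.15.75.35 after a ping to 192.189.32.128, and `show crypto ipsec sa` should list the local ident as 133.15.75.35/255.255.255.255, not the 10.1.1.0/24 network. The FW-1 encryption domain for this peer must then contain 133.15.75.35 rather than 10.1.1.0/24, since that is the only source address it will ever see inside the tunnel.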