Registered User
Join Date: Jan 2008
Posts: 1
OS: XP SP2
Cisco VPN client - PIX 315 - users connect but cannot ping or communicate
I have configured a PIX 315 to allow VPN connections and authenticate users through Active Directory. Users can authenticate, but cannot go anywhere once they are connected.
Any help you can provide would be MOST APPRECIATED!

```
access-list INET_IN permit icmp any any echo-reply
access-list INET_IN permit icmp any any time-exceeded
access-list INET_IN permit tcp any host x.x.x.x eq www
access-list INET_IN permit tcp any host x.x.x.x eq https
access-list INET_IN permit tcp any host x.x.x.x eq ftp
access-list INET_IN permit tcp host x.x.x.x host x.x.x.x eq 3389
access-list INET_IN deny tcp any host x.x.x.x eq 41794
access-list INET_IN deny tcp any host x.x.x.x eq 41795
access-list INET_IN permit tcp any host x.x.x.x eq h323
access-list INET_IN permit tcp any host x.x.x.x eq 3230
access-list INET_IN permit tcp any host x.x.x.x eq 3231
access-list INET_IN permit tcp any host x.x.x.x eq 3232
access-list INET_IN permit tcp any host x.x.x.x eq 3233
access-list INET_IN permit tcp any host x.x.x.x eq 3234
access-list INET_IN permit tcp any host x.x.x.x eq 3235
access-list INET_IN permit udp any host x.x.x.x eq 3235
access-list INET_IN permit udp any host x.x.x.x eq 3236
access-list INET_IN permit udp any host x.x.x.x eq 3237
access-list INET_IN permit udp any host x.x.x.x eq 3238
access-list INET_IN permit udp any host x.x.x.x eq 3239
access-list INET_IN permit udp any host x.x.x.x eq 3240
access-list INET_IN permit udp any host x.x.x.x eq 3241
access-list INET_IN permit udp any host x.x.x.x eq 3242
access-list INET_IN permit udp any host x.x.x.x eq 3243
access-list INET_IN permit udp any host x.x.x.x eq 3244
access-list INET_IN permit udp any host x.x.x.x eq 3245
access-list INET_IN permit udp any host x.x.x.x eq 3246
access-list INET_IN permit udp any host x.x.x.x eq 3247
access-list INET_IN permit udp any host x.x.x.x eq 3248
access-list INET_IN permit udp any host x.x.x.x eq 3249
access-list INET_IN permit udp any host x.x.x.x eq 3250
access-list INET_IN permit udp any host x.x.x.x eq 3251
access-list INET_IN permit udp any host x.x.x.x eq 3252
access-list INET_IN permit udp any host x.x.x.x eq 3253
access-list INET_IN permit udp any host x.x.x.x eq 3254
access-list INET_IN permit udp any host x.x.x.x eq 3255
access-list INET_IN permit udp any host x.x.x.x eq 3256
access-list INET_IN permit udp any host x.x.x.x eq 3257
access-list INET_IN permit udp any host x.x.x.x eq 3258
access-list inside_outbound_nat0_acl permit ip any 192.168.169.208 255.255.255.240
access-list outside_cryptomap_dyn_20 permit ip any 192.168.169.208 255.255.255.240
access-list 101 permit ip 192.168.169.0 255.255.255.0 192.168.168.0 255.255.255.0
access-list 101 permit ip 192.168.170.0 255.255.255.0 192.168.168.0 255.255.255.0
access-list 101 permit ip 192.168.168.0 255.255.255.0 192.168.169.0 255.255.255.0
access-list 101 permit ip 192.168.168.0 255.255.255.0 192.168.170.0 255.255.255.0
access-list split_tunnel_acl permit ip any any
ip address outside x.x.x.18 255.255.255.248
ip address inside 192.168.169.22 255.255.255.0
ip local pool VPN 192.168.169.210-192.168.169.219 mask 255.255.255.0
global (outside) 1 x.x.x.19
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 2 access-list 101 0 0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) x.x.x.x LAB1-Server netmask 255.255.255.255 0 0
static (inside,outside) x.x.x.x 192.168.169.210 netmask 255.255.255.255 0 0
static (inside,outside) x.x.x.x Polycom_VS4000 dns netmask 255.255.255.255 0 0
access-group INET_IN in interface outside
route outside 0.0.0.0 0.0.0.0 x.x.x.17 1
route inside 192.168.0.0 255.255.0.0 192.168.169.21 1
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
aaa-server partnerauth protocol radius
aaa-server partnerauth max-failed-attempts 3
aaa-server partnerauth deadtime 10
aaa-server partnerauth (inside) host LAB2-Server <shared pw> timeout 5
sysopt connection permit-ipsec
sysopt connection permit-l2tp
crypto ipsec transform-set TRANS_ESP_DES_MD5 esp-des esp-md5-hmac
crypto ipsec transform-set TRANS_ESP_DES_MD5 mode transport
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set TRANS_ESP_DES_MD5
crypto dynamic-map dynmap 10 set transform-set myset
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap client authentication partnerauth
crypto map mymap interface outside
isakmp enable outside
isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
isakmp identity address
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup vpn3000 address-pool VPN
vpngroup vpn3000 dns-server LAB2-Server
vpngroup vpn3000 wins-server LAB1-Server
vpngroup vpn3000 default-domain <domain-name>
vpngroup vpn3000 split-tunnel split_tunnel_acl
vpngroup vpn3000 idle-time 1800
vpngroup vpn3000 password ********
```