From: Phil (theccie@gmail.com)
Date: Thu Sep 09 2004 - 17:06:26 GMT-3
James,
Is the client you are coming from behind NAT? If it is, you need the
"isakmp nat-traversal" in the PIX.
Phil
On Wed, 8 Sep 2004 18:10:36 +0200, James R. Yeo <james@net-brigade.com> wrote:
> I have followed the documentation with regards to setup. I can connect and
> authenticate but cannot get to anything!? Need access to the inside
>
> HELP!
> access-list 121 permit icmp any any
> access-list 121 permit ip 192.168.4.0 255.255.255.0 192.168.10.0 255.255.255.0
> !
> ip local pool vpn_pool 192.168.10.1-192.168.10.254
> !
> nat (inside) 0 access-list 121
> !
> sysopt connection permit-ipsec
> crypto ipsec transform-set mytrans esp-des esp-md5-hmac
> crypto dynamic-map dynmap 10 set transform-set mytrans
> crypto map mymap 10 ipsec-isakmp dynamic dynmap
> crypto map mymap interface outside
> isakmp enable outside
> isakmp identity address
> isakmp policy 10 authentication pre-share
> isakmp policy 10 encryption des
> isakmp policy 10 hash md5
> isakmp policy 10 group 2
> isakmp policy 10 lifetime 86400
> !
> vpngroup RSS_Azcom address-pool vpn_pool
> vpngroup RSS_Azcom dns-server 192.168.4.101
> vpngroup RSS_Azcom wins-server 192.168.4.101
> vpngroup RSS_Azcom default-domain rssa.co.za
> vpngroup RSS_Azcom split-tunnel 121
> vpngroup RSS_Azcom idle-time 1800
> vpngroup RSS_Azcom max-time 86400
> vpngroup RSS_Azcom password ********
> !
>
> Thanks
>
> James
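
An added example, not part of the thread or written by either poster: a small Python audit of the quoted configuration for the point raised in the reply (no `isakmp nat-traversal` line). It goes slightly further and also checks that the VPN pool is covered by the `nat 0` access list and lists lines selecting DES or MD5. The `audit` helper is hypothetical, the sample is constructed from the quoted lines, and access-list entries are assumed to use the network/mask form.

```python
import ipaddress
import re

# Constructed sample: VPN-relevant lines from the configuration quoted above.
CONFIG = """\
access-list 121 permit icmp any any
access-list 121 permit ip 192.168.4.0 255.255.255.0 192.168.10.0 255.255.255.0
ip local pool vpn_pool 192.168.10.1-192.168.10.254
nat (inside) 0 access-list 121
crypto ipsec transform-set mytrans esp-des esp-md5-hmac
isakmp enable outside
isakmp policy 10 encryption des
isakmp policy 10 hash md5
vpngroup RSS_Azcom address-pool vpn_pool
"""

def audit(config):
    """Return findings for a PIX remote-access VPN config (hypothetical helper)."""
    lines = [s.strip() for s in config.splitlines() if s.strip() not in ("", "!")]
    findings = []
    # NAT-T carries ESP inside UDP so the tunnel survives a NAT/PAT device.
    if not any(re.match(r"isakmp nat-traversal\b", s) for s in lines):
        findings.append("missing: isakmp nat-traversal")
    # Destination networks of each 'permit ip <net> <mask> <net> <mask>' entry.
    acl_dst = {}
    for s in lines:
        m = re.match(r"access-list (\S+) permit ip \S+ \S+ (\S+) (\S+)$", s)
        if m:
            net = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}", strict=False)
            acl_dst.setdefault(m.group(1), []).append(net)
    nat0 = re.findall(r"^nat \(inside\) 0 access-list (\S+)", "\n".join(lines), re.M)
    exempt = [n for acl in nat0 for n in acl_dst.get(acl, [])]
    # Return traffic to pool addresses must be exempt from NAT on the inside.
    for s in lines:
        m = re.match(r"ip local pool (\S+) ([\d.]+)-([\d.]+)$", s)
        if m:
            first, last = (ipaddress.ip_address(a) for a in m.group(2, 3))
            if not any(first in n and last in n for n in exempt):
                findings.append(f"pool {m.group(1)} not covered by nat 0 ACL")
    # DES and MD5 are deprecated algorithms; list each line that selects them.
    for s in lines:
        if re.search(r"\besp-des\b|\besp-md5-hmac\b|encryption des$|hash md5$", s):
            findings.append(f"weak crypto: {s}")
    return findings

if __name__ == "__main__":
    for finding in audit(CONFIG):
        print(finding)
```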