[fw-wiz] Cisco PIX to FW-1 VPN with policy NAT help request

From: Kari Mattsson (km#) (km1_at_trivore.com)
Date: 12/01/03

    To: <firewall-wizards@honor.icsalabs.com>
    Date: Mon, 1 Dec 2003 18:37:43 +0200 (EET)


    I have a slight problem :-) It is probably an easy one for you.

    I can get the VPN tunnel up ok, but ping/telnet/etc. isn't going through.
    On the FW-1 end they claim traffic is coming in from network,
    which is not allowed. That is also why my pings are not answered.

    I'm trying to PAT all the traffic to IP

    Any hints why I'm not succeeding?

    Here are some of the fragments of my configuration.
    Public IPs are imaginary.

    access-list acl2 permit icmp any
    access-list acl2 permit ip any
    access-group inside_acl in interface inside

    access-list acl3 permit icmp host
    access-list acl3 permit ip host
    global (outside) 99 netmask
    global (outside) 99 netmask
    global (outside) 11 netmask
    nat (inside) 0 access-list no_nat
    nat (inside) 11 access-list acl3 0 0
    nat (inside) 99 0 0

    crypto map map7 10 ipsec-isakmp
    crypto map map7 10 match address acl3
    crypto map map7 10 set peer
    crypto map map7 10 set transform-set 3des-md5
    crypto map map7 10 set security-association lifetime seconds 86400
    isakmp key ******** address netmask no-xauth


    firewall-wizards mailing list
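Added example (not part of the post above, and not the poster's or Cisco's code): a small Python model of the two PIX 6.x outbound rules that the posted fragments depend on. First, NAT rule selection: a `nat (inside) 0 access-list` exemption is chosen before a policy-NAT rule (`nat (inside) N access-list`), which is chosen before a general `nat (inside) N 0 0`. Second, the crypto map's `match address` ACL is evaluated against the packet after translation, so it has to describe the translated source. All addresses are constructed for the illustration, and the `no_nat` contents in the first scenario are a hypothetical chosen to show the effect of an overlapping exemption; the post does not say what `no_nat` contains.

```python
# Added example: model of PIX 6.x outbound NAT selection + crypto-map matching.
# Not Cisco code; addresses and the no_nat contents are constructed/hypothetical.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Ace:
    proto: str   # "ip" matches every protocol, otherwise e.g. "icmp"
    src: object  # ip_network
    dst: object  # ip_network


def ace(proto, src, dst):
    return Ace(proto, ip_network(src), ip_network(dst))


@dataclass(frozen=True)
class Packet:
    proto: str
    src: object  # ip_address
    dst: object  # ip_address


def pkt(proto, src, dst):
    return Packet(proto, ip_address(src), ip_address(dst))


def acl_permits(acl, p):
    """First-match semantics collapsed to any-match since all ACEs here are permits."""
    return any(a.proto in ("ip", p.proto) and p.src in a.src and p.dst in a.dst
               for a in acl)


@dataclass
class PixConfig:
    no_nat: list = field(default_factory=list)      # nat (inside) 0 access-list <acl>
    policy_nat: list = field(default_factory=list)  # [(acl, global_ip)] nat (inside) N access-list
    general_nat: str = ""                           # global for nat (inside) N 0 0
    crypto_acl: list = field(default_factory=list)  # crypto map ... match address <acl>


def process_outbound(cfg, p):
    """Return (nat rule chosen, packet as it leaves, whether the crypto map matched)."""
    if acl_permits(cfg.no_nat, p):                          # exemption wins first
        rule, out = "nat 0 (exempt)", p
    else:
        for acl, global_ip in cfg.policy_nat:               # then policy NAT
            if acl_permits(acl, p):
                rule, out = f"policy nat -> {global_ip}", Packet(p.proto, ip_address(global_ip), p.dst)
                break
        else:                                               # finally general NAT/PAT
            rule, out = f"general nat -> {cfg.general_nat}", Packet(p.proto, ip_address(cfg.general_nat), p.dst)
    encrypted = acl_permits(cfg.crypto_acl, out)            # crypto ACL sees the translated packet
    return rule, str(out.src), encrypted


# Constructed topology (hypothetical): inside host behind the PIX, remote net behind FW-1,
# a dedicated PAT address for VPN traffic, and the outside interface for general PAT.
INSIDE_NET, INSIDE_HOST = "10.1.1.0/24", "10.1.1.10"
REMOTE_NET, REMOTE_HOST = "192.168.50.0/24", "192.168.50.5"
PAT_GLOBAL, OUTSIDE_IF = "198.51.100.7", "198.51.100.2"
PING = pkt("icmp", INSIDE_HOST, REMOTE_HOST)

# Same shape as the posted fragments: one ACL (real inside host -> remote net) used
# for both the policy-NAT rule and the crypto map.
ACL3 = [ace("icmp", INSIDE_HOST + "/32", REMOTE_NET), ace("ip", INSIDE_HOST + "/32", REMOTE_NET)]


def posted_shape():
    """Hypothetical: no_nat also covers inside net -> remote net, so the exemption wins
    and the packet is tunnelled with its real 10.1.1.x source."""
    cfg = PixConfig(no_nat=[ace("ip", INSIDE_NET, REMOTE_NET)],
                    policy_nat=[(ACL3, PAT_GLOBAL)], general_nat=OUTSIDE_IF, crypto_acl=ACL3)
    return process_outbound(cfg, PING)


def same_acl_no_exempt():
    """No overlapping exemption: policy NAT fires, but the crypto ACL still names the
    real host, so the translated packet misses the crypto map and leaves in the clear."""
    cfg = PixConfig(policy_nat=[(ACL3, PAT_GLOBAL)], general_nat=OUTSIDE_IF, crypto_acl=ACL3)
    return process_outbound(cfg, PING)


def separate_acls():
    """NAT ACL names real addresses; crypto ACL names the translated PAT address."""
    crypto = [ace("ip", PAT_GLOBAL + "/32", REMOTE_NET)]
    cfg = PixConfig(policy_nat=[(ACL3, PAT_GLOBAL)], general_nat=OUTSIDE_IF, crypto_acl=crypto)
    return process_outbound(cfg, PING)


if __name__ == "__main__":
    for name, fn in (("posted shape", posted_shape), ("same ACL, no exempt", same_acl_no_exempt),
                     ("separate ACLs", separate_acls)):
        print(f"{name:22} {fn()}")
```

Running it prints, for each scenario, which NAT rule was selected, the source address the peer sees, and whether the crypto map matched. The first two scenarios are the two ways a single shared ACL goes wrong on this box: either an exemption pre-empts the policy NAT and the peer sees the untranslated source, or the translation happens and the crypto ACL no longer matches. The third keeps real addresses in the NAT ACL and the translated address in the crypto ACL, and the same check applies on the FW-1 side: its encryption domain and rule base must name the translated address, not the inside network.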
