Hi, I have tried to configure a VPN3000 client configuration on my PIX as an evaluation process; I think I have got the client configured. (CLI is no easy task for me, not to mention the debugging nightmare.) I am now able to connect to the network behind the PIX via a VPN tunnel.
However, when I try to access the public internet from the client, I am unable to do so. It seems all traffic (regardless of whether it's going to the protected VPN domain or the public domain) is encrypted. It seems that the PIX is blocking the packet once it is decrypted:
PIX DEBUG:106011: Deny inbound (No xlate) icmp src outside:222.222.222.1 dst outside:10.3)
PIX configuration:
access-list jason-vpn permit ip 222.222.222.0 255.255.255.0 any
global (outside) 2 10.3.20.136
nat (inside) 2 222.222.222.0 255.255.255.0 0 0
ip local pool vpn-pool 222.222.222.1-222.222.222.5
vpngroup vpn3000 address-pool vpn-pool
Any tips, suggestions would be appreciated!
Jason
Jason Yuan
Consultant
Niles Associates
Tel: 510-385-3988
Fax: 815-327-6544
