Client Internet access through PIX VPN [7:26530]
Hello,

I have two offsite clients. Both connect to our LAN through a PIX 515 via the 3.1.1 client. One client uses DHCP, the other is static. I have split-tunnel enabled on the PIX referencing a separate access-list than my NAT statement. The client using DHCP can access the internet while connected to our LAN through VPN but the static client can not. He can only access the internet when disconnected from our LAN. I would like the static client to be able to access the Internet while connected to our LAN as well.

Any ideas?

Thanks,
John

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=26530&t=26530
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX subnet access-lists [7:23797]
I think it's

access-list acl_out permit tcp 212.113.2.0 255.255.255.0 host 124.49.114.6 eq ftp

Is that right?

Thanks
John

"John Zei" wrote in message news:[EMAIL PROTECTED]...
> Does anyone know the access-list command that would allow an entire subnet
> into an ftp site. Here are some examples of what I've tried:
> access-list acl_out permit tcp host 212.113.2.0 255.255.255.0 host 124.49.114.6 eq ftp
> access-list acl_out permit tcp host 212.113.2.0 255.255.255.0 host 124.49.114.6 255.255.255.255 eq ftp
>
> Neither of these worked.
>
> Thanks,
> John

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23799&t=23797
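Added example, not part of the original posts: a small Python checker for the access-list address syntax this thread turns on, where an address is `any`, `host A` (a single address) or `A MASK` (a subnet). It assumes the form `access-list <id> permit|deny <protocol> <source> [ports] <destination> [ports]` with netmasks rather than wildcard masks; the function names are hypothetical.

```python
import ipaddress
OPERATORS = {"eq": 1, "neq": 1, "lt": 1, "gt": 1, "range": 2}  # operator -> operand count

def mask_to_prefix(mask):
    """Prefix length of a contiguous netmask, or None (e.g. for a wildcard mask)."""
    try:
        m = int(ipaddress.IPv4Address(mask))
    except ValueError:
        return None
    inv = ~m & 0xFFFFFFFF
    return bin(m).count("1") if inv & (inv + 1) == 0 else None

def take_addr(tok, i):
    """Consume 'any', 'host A' or 'A MASK' at tok[i]; return (network, next index)."""
    if i < len(tok) and tok[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if i + 1 >= len(tok):
        raise ValueError("incomplete address specification")
    if tok[i] == "host":
        nxt = tok[i + 2] if i + 2 < len(tok) else ""
        # Heuristic: a non-zero netmask right after 'host A' is the mistake from the thread.
        if nxt != "0.0.0.0" and mask_to_prefix(nxt) is not None:
            raise ValueError(f"'host' already implies 255.255.255.255; drop 'host' to use {nxt}")
        return ipaddress.ip_network(tok[i + 1] + "/32"), i + 2
    prefix = mask_to_prefix(tok[i + 1])
    if prefix is None:
        raise ValueError(f"{tok[i + 1]!r} is not a contiguous netmask")
    # ip_network() also rejects an address that has host bits set for this mask.
    return ipaddress.ip_network(f"{tok[i]}/{prefix}"), i + 2

def take_ports(tok, i):
    """Consume an optional port operator with its operands."""
    if i >= len(tok) or tok[i] not in OPERATORS:
        return [], i
    end = i + 1 + OPERATORS[tok[i]]
    if end > len(tok):
        raise ValueError(f"'{tok[i]}' is missing a port")
    return tok[i:end], end

def check_acl(line):
    """Parse one access-list line; raise ValueError describing the first problem."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError("expected: access-list <id> permit|deny <protocol> ...")
    src, i = take_addr(tok, 4)
    _, i = take_ports(tok, i)          # optional source-port match
    dst, i = take_addr(tok, i)
    dst_ports, i = take_ports(tok, i)
    if i != len(tok):
        raise ValueError(f"unexpected trailing tokens: {tok[i:]}")
    return {"action": tok[2], "src": str(src), "dst": str(dst), "dst_ports": dst_ports}
```

Run against the three lines in this thread, `check_acl` accepts the version without `host` in front of the subnet and rejects both earlier attempts with the "drop 'host'" message.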
PIX subnet access-lists [7:23797]
Does anyone know the access-list command that would allow an entire subnet into an ftp site. Here are some examples of what I've tried:

access-list acl_out permit tcp host 212.113.2.0 255.255.255.0 host 124.49.114.6 eq ftp
access-list acl_out permit tcp host 212.113.2.0 255.255.255.0 host 124.49.114.6 255.255.255.255 eq ftp

Neither of these worked.

Thanks,
John

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23797&t=23797
Re: PIX 515 nat or static [7:23286]
Is there a command "nat (inside,outside) 64.23.67.5 192.168.1.4 netmask 255.255.255.255 0 0"?

I guess I thought that when I go from in to out I should use the nat command. I know I need to have the static so others can access the ftp server but am confused about the nat. Since I have a static command for each internal ip to be translated to an external address, does this static command allow the access to the internet? Can I remove the nat command or do I need both?

Thanks,
John

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23362&t=23286
Re: PIX 515 nat or static [7:23286]
I am currently using the static command in order to allow our static internal ips to have static external ips. From what you say I should be using the nat command in place of the static. I do have a nat command in place. For example my nat statement would read

nat (inside) 1 192.168.1.0 255.255.255.0 0 0

and a sample static statement would read

static (inside,outside) 64.23.67.5 192.168.1.4 netmask 255.255.255.255 0 0

What am I doing here and what am I doing wrong?

Thanks,
John

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23353&t=23286