We are setting up a pix internally in our net.
The network behind it is a private range but we aren't doing NAT. The outside address is public and we want external users to VPN to it to reach the private net.
My management station is outside of the firewall and I can manage the pix with HTTPS but I can't telnet or SSH to it. It doesn't even ask for a user name. The VPN client also times out. Currently, the ruleset is completely open. I tried to make the VPN configuration match our main, working pix, but the version is slightly different.
Here is the access list, I can also supply the crypto rules if asked:
access-list outside_access_in extended permit ip any any
access-list inside_access_in extended permit ip any any
access-list outside_access_out extended permit ip any any
access-list inside_access_out extended permit ip any any
access-list inside_nat0_outbound extended permit ip 172.16.1.0 255.255.255.0 any
access-list outside_cryptomap_dyn_20 extended permit ip any any
ip local pool our-pool 172.16.1.240-172.16.1.247 mask 255.255.255.248
nat (inside) 0 access-list inside_nat0_outbound
access-group inside_access_in in interface inside
access-group inside_access_out out interface inside
access-group outside_access_in in interface outside
access-group outside_access_out out interface outside
route outside 0.0.0.0 0.0.0.0 xxx.yyy.abc.def 1
October 3, 2006 6:09 PM
October 9, 2006 6:08 PM