[c-nsp] Pix 515 Question :

Jean-Philippe Le Henaff togusa at free.fr
Mon Sep 27 09:49:42 EDT 2004


Hello there,

I have a Cisco Pix 515. I want to do a VPN on the DMZ interface, and I want those
VPN users to be able to see my inside interface and the outside interface.

It looks like this:


Internet------(outside 1.1.1.128/25)[PIX](inside 10.0.0.0/8)-----LAN
                                      |
                                      |
                                (DMZ 1.1.1.0/25)
                                      |

In fact, I need VPN users who connect on the DMZ interface (1.1.1.122) to be
able to see computers on the inside interface and also be able to surf the
web with the connection.

For the moment, I tried to configure it and it doesn't work as I want.
I get this kind of error:

Sep 27 11:31:28 10.185.1.202 :Sep 27 11:27:13 CEDT: %PIX-3-106011: Deny inbound (No xlate) tcp src DMZ:10.185.1.14/2219 dst DMZ:213.228.61.14/80
Sep 27 11:27:13 CEDT: %PIX-3-106011: Deny inbound (No xlate) tcp src DMZ:10.185.1.14/2220 dst DMZ:213.228.61.14/80
Sep 27 11:27:16 CEDT: %PIX-3-106011: Deny inbound (No xlate) tcp src DMZ:10.185.1.14/2219 dst DMZ:213.228.61.14/80

Thanks for help


