Smart questions
Smart answers
Smart people
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Member Login




Remember Me
Forgot Password?
Join Us!

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips now!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

Join Tek-Tips
*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Donate Today!

Do you enjoy these
technical forums?
Donate Today! Click Here

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.
Jobs from Indeed

Link To This Forum!

Partner Button
Add Stickiness To Your Site By Linking To This Professionally Managed Technical Forum.
Just copy and paste the
code below into your site.

Dinamik (TechnicalUser)
6 Jun 11 12:01
Hi,

We have two offices. Headoffice has Ip subnet 192.168.0.0, remote office has IP subnet 192.168.4.0. There is another subnet (IPphone subnet) in Headoffice - 192.168.5.0
We cannot get access to telephone subnet from remote office to Headoffice IPphone subnet. In other words we cannot do ping 192.168.5.0 from 192.168.4.0

What is wrong?

This is PIX configuration of Headoffice:

PIX Version 6.3(3)
interface ethernet0 100full
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100

access-list Outside-In permit tcp host ч.ч.ч.ч interface outside eq 2222
access-list Outside-In permit tcp any interface outside eq www
access-list Outside-In permit tcp any interface outside eq https
access-list Outside-In permit tcp any host x.x.x.x eq www

access-list Non-Nat permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list Non-Nat permit ip 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list Non-Nat permit ip 192.168.0.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list Non-Nat permit ip 192.168.0.0 255.255.255.0 192.168.4.0 255.255.255.0
access-list Non-Nat permit ip 192.168.5.0 255.255.255.0 192.168.4.0 255.255.255.0
access-list Non-Nat permit ip 192.168.3.0 255.255.255.0 192.168.4.0 255.255.255.0
access-list Non-Nat permit ip 192.168.0.0 255.255.255.0 192.168.6.0 255.255.255.0
access-list Non-Nat permit ip 192.168.5.0 255.255.255.0 192.168.6.0 255.255.255.0
access-list Non-Nat permit ip 192.168.3.0 255.255.255.0 192.168.6.0 255.255.255.0
access-list Split-Tun permit ip 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list Split-Tun3 permit ip 192.168.0.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list Split-Tun4 permit ip 192.168.0.0 255.255.255.0 192.168.4.0 255.255.255.0
access-list Split-Tun4 permit ip 192.168.3.0 255.255.255.0 192.168.4.0 255.255.255.0
access-list Split-Tun4 permit ip 192.168.5.0 255.255.255.0 192.168.4.0 255.255.255.0
access-list Split-Tun6 permit ip 192.168.0.0 255.255.255.0 192.168.6.0 255.255.255.0
access-list Split-Tun6 permit ip 192.168.3.0 255.255.255.0 192.168.6.0 255.255.255.0
access-list Split-Tun6 permit ip 192.168.5.0 255.255.255.0 192.168.6.0 255.255.255.0
pager lines 24
logging on
logging history critical

ip audit attack action alarm
ip local pool IP-Pool1 192.168.1.50-192.168.1.100
ip local pool IP-Pool3 192.168.4.100-192.168.4.150
ip local pool IP-Pool4 192.168.2.100-192.168.2.150
ip local pool IP-Pool5 192.168.5.1-192.168.5.250
ip local pool IP-Pool6 192.168.6.100-192.168.6.150

arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list Non-Nat
nat (inside) 1 192.168.0.0 255.255.255.0 0 0
nat (inside) 1 192.168.5.0 255.255.255.0 0 0

access-group Outside-In in interface outside
route outside 0.0.0.0 0.0.0.0 y.y.y.y 1
route inside 192.168.3.0 255.255.255.0 192.168.0.47 1
route inside 192.168.5.0 255.255.255.0 192.168.0.47 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
aaa-server MS-IAS protocol radius
aaa-server MS-IAS (inside) host 192.168.0.15 radiusauth timeout 10
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
http server enable
http 192.168.0.84 255.255.255.255 inside
http 192.168.0.0 255.255.255.0 inside
http 192.168.0.0 255.255.255.255 inside
snmp-server location ottawa
snmp-server contact Silvan
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
sysopt connection permit-pptp
crypto ipsec transform-set Trans-1 esp-3des esp-sha-hmac
crypto dynamic-map CovConn-Dyno 10 set transform-set Trans-1
crypto map CovConn-VPN 10 ipsec-isakmp dynamic CovConn-Dyno
crypto map CovConn-VPN client authentication MS-IAS
crypto map CovConn-VPN interface outside
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup CovConn-Group1 address-pool IP-Pool1
vpngroup CovConn-Group1 dns-server 192.168.0.15 192.168.0.14
vpngroup CovConn-Group1 default-domain ccinc.local
vpngroup CovConn-Group1 idle-time 1800
vpngroup CovConn-Group1 password ********
vpngroup CovConn-Group2 address-pool IP-Pool4
vpngroup CovConn-Group2 dns-server 192.168.0.15 192.168.0.14
vpngroup CovConn-Group2 default-domain ccinc.local
vpngroup CovConn-Group2 split-tunnel Split-Tun
vpngroup CovConn-Group2 idle-time 1800
vpngroup CovConn-Group2 password ********
vpngroup CovConn-Group3 dns-server 192.168.0.15 192.168.0.14
vpngroup CovConn-Group3 default-domain ccinc.local
vpngroup CovConn-Group3 split-tunnel Split-Tun3
vpngroup CovConn-Group3 idle-time 1800
vpngroup CovConn-Group3 password ********
vpngroup CovConn-Group4 address-pool IP-Pool3
vpngroup CovConn-Group4 dns-server 192.168.0.15 192.168.0.14
vpngroup CovConn-Group4 default-domain ccinc.local
vpngroup CovConn-Group4 split-tunnel Split-Tun4
vpngroup CovConn-Group4 idle-time 1800
vpngroup CovConn-Group4 password ********
vpngroup CovConn-Group6 address-pool IP-Pool6
vpngroup CovConn-Group6 dns-server 192.168.0.15 192.168.0.14
vpngroup CovConn-Group6 default-domain ccinc.local
vpngroup CovConn-Group6 split-tunnel Split-Tun6
vpngroup CovConn-Group6 idle-time 1800
vpngroup CovConn-Group6 password ********
vpngroup CovConn-Group5 address-pool IP-Pool5
vpngroup CovConn-Group5 dns-server 192.168.0.15 192.168.0.14
vpngroup CovConn-Group5 default-domain ccinc.local
vpngroup CovConn-Group5 split-tunnel Split-Tun4
vpngroup CovConn-Group5 idle-time 1800
vpngroup CovConn-Group5 password ********
telnet 192.168.0.0 255.255.255.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh 192.168.0.0 255.255.255.0 inside
ssh timeout 15
console timeout 0

It seems there is something wrong with accesss-list Nonat.
May be I need to remove this command
nat (inside) 1 192.168.5.0 0 0

Thanks

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close