
PIX 7.X Remote Access VPN cannot access remote networks

boshardy1
Level 1

Hello colleagues,

I have a PIX 525 running 7.1 code. I have noticed users on the Cisco VPN client cannot access our networks across the WAN from our corporate datacenter. I am attaching my config since it is fairly long.

I am thinking I need the following statements to make this work: Most of the plant networks are on the 192.168.X.X range.

1) I need to add all the plant networks (lump those I can) into my NAT exemption on the inside interface.

2) Make sure my split tunnel ACL allows all the remote plant networks.

1 Reply

ggilbert
Cisco Employee

Hi,

a. I wasn't able to figure out what your internal network was.

b. I wasn't able to figure out the object-group and names configured in the ACL "NAT_nat0_inbound" used for NAT exemption.

from the attached config.

For example:

If your internal network is 10.10.10.0/24 and you are assigning the address 192.168.1.x/24 for your VPN client pools then you would need a NAT zero statement like this.

access-list 100 permit ip 10.10.10.0 255.255.255.0 192.168.1.0 255.255.255.0

nat (inside) 0 access-list 100

To answer your second question, if the remote plants are on your internal segment then with the NAT exemption and split tunnel configured properly, you should be good to go.

Let me know if this helps.

Note: If there are routers on your internal network, make sure the routers have an entry to forward the packets destined for 192.168.1.x towards the PIX. (according to my example)

Thanks

Gilbert

Rate it, if this helps.
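
The NAT exemption rule described in the reply can be checked against a saved configuration before users test the tunnel. The following is an added example, not part of the original thread or of any Cisco tool: it reads the ACL bound to `nat (inside) 0` and lists internal networks that no single entry exempts towards the VPN pool. The function names, the sample configuration and the extra plant networks are assumptions; object-groups and names are skipped, and a network covered only by several entries combined is reported as uncovered.

```python
import ipaddress
import re

# Constructed sample, not the poster's attachment. ACL 100, 10.10.10.0/24 and the
# 192.168.1.0/24 pool follow the reply's example; the second ACE is an assumption.
SAMPLE_CONFIG = """\
access-list 100 permit ip 10.10.10.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list 100 permit ip 192.168.16.0 255.255.240.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list 100
"""

ACE = re.compile(r"^access-list (\S+) (?:extended )?permit ip (\S+) (\S+) (\S+) (\S+)$")
NAT0 = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)$")


def nat0_pairs(config, interface="inside"):
    """Return (source, destination) networks of ACLs bound to 'nat (<interface>) 0'."""
    aces, bound = {}, set()
    for line in map(str.strip, config.splitlines()):
        if m := ACE.match(line):
            name, src, smask, dst, dmask = m.groups()
            try:
                pair = (ipaddress.ip_network(f"{src}/{smask}"),
                        ipaddress.ip_network(f"{dst}/{dmask}"))
            except ValueError:
                continue  # object-groups and names are not resolved here
            aces.setdefault(name, []).append(pair)
        elif (m := NAT0.match(line)) and m.group(1) == interface:
            bound.add(m.group(2))
    return [pair for name in sorted(bound) for pair in aces.get(name, [])]


def uncovered(config, internal_nets, vpn_pool, interface="inside"):
    """List internal networks with no single exemption entry towards the VPN pool."""
    pool = ipaddress.ip_network(vpn_pool)
    pairs = nat0_pairs(config, interface)
    return [str(net) for net in map(ipaddress.ip_network, internal_nets)
            if not any(net.subnet_of(s) and pool.subnet_of(d) for s, d in pairs)]


if __name__ == "__main__":
    # Constructed plant networks; the last one has no matching exemption entry.
    plants = ["10.10.10.0/24", "192.168.20.0/24", "192.168.40.0/24"]
    print(uncovered(SAMPLE_CONFIG, plants, "192.168.1.0/24"))
```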
