03-15-2007 09:30 PM
We have a PIX 501 connected to DSL using PPPOE with outside to inside VPN setup and functioning using the EasyVPN client and a preshared key. We replaced the DSL modem with a small router that is now doing the PPPOE negotiation instead of the PIX. I have removed the VPDN references to PPPOE:
vpdn group pppoe_group request dialout pppoe
vpdn group pppoe_group localname xxx@sbcglobal.net
vpdn group pppoe_group ppp authentication pap
vpdn username xxx@sbcglobal.net password *********
vpdn username xxx@sbcglobal.net password ********* store-local
vpdn username scott password *********
vpdn username barry password *********
And left in the vpngroup lines:
vpngroup TQA_VPN address-pool CVPN_DHCP
vpngroup TQA_VPN dns-server 10.1.1.99
vpngroup TQA_VPN wins-server 10.1.1.99
vpngroup TQA_VPN default-domain tqa-inc.com
vpngroup TQA_VPN split-tunnel inside_outbound_nat0_acl
vpngroup TQA_VPN idle-time 1800
vpngroup TQA_VPN password ********
What do I need to add/change to allow VPN access again?
I tried this to no avail:
vpdn group TQA_VPN accept dialin l2tp
vpdn group TQA_VPN l2tp tunnel hello 60
vpdn enable
Barry
03-18-2007 09:29 AM
Hi,
Could you please post the full config? What is the issue you are facing?
What message are you getting on the client?
-Kanishka
03-19-2007 10:01 AM
I am now connecting with the VPN client but cannot access any resources. I have attached the client log (everything appears O.K.) and the PIX configuration. Note that in the PIX configuration there is an "Incomplete" comment but I don't know why. Also, assistance with a split tunnelling statement would be greatly appreciated.
Thanks,
Barry
03-19-2007 12:10 PM
Hi,
Please enter the following commands on the PIX:
no crypto map outside_dyn_map 20
no vpngroup TQA_VPN1 address-pool vpnpool1
ip local pool vpnpool 192.168.1.1-192.168.1.20
access-list nonat permit ip any 192.168.1.0 255.255.255.0
access-list split permit ip any 192.168.1.0 255.255.255.0
nat (inside) 0 access-list nonat
vpngroup TQA_VPN1 address-pool vpnpool
vpngroup TQA_VPN1 split-tunnel split
That should do it.
*Please rate if helped.
-Kanishka
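An added example, not part of the thread and not Cisco tooling: a small Python check that every name a vpngroup or nat 0 line refers to is actually defined, and that the VPN client pool falls inside a NAT-exempt destination, which are the relationships the commands in the answer above set up. The function names and the BEFORE sample are constructed for illustration; AFTER reuses the answer's own lines.

```python
import ipaddress
import re

# Constructed sample: a group that points at names nothing defines.
BEFORE = """\
ip local pool vpnpool1 192.168.1.1-192.168.1.20
vpngroup TQA_VPN1 address-pool vpnpool
vpngroup TQA_VPN1 split-tunnel split
"""
# The configuration lines from the answer above (without the "no" removals).
AFTER = """\
ip local pool vpnpool 192.168.1.1-192.168.1.20
access-list nonat permit ip any 192.168.1.0 255.255.255.0
access-list split permit ip any 192.168.1.0 255.255.255.0
nat (inside) 0 access-list nonat
vpngroup TQA_VPN1 address-pool vpnpool
vpngroup TQA_VPN1 split-tunnel split
"""

def acl_destinations(config):
    """Map ACL name -> destination networks of its 'permit ip' entries."""
    acls = {}
    for name, rest in re.findall(r"^access-list (\S+) permit ip (.+)$", config, re.M):
        tok = rest.split()
        if tok[-1] == "any":
            dst = "0.0.0.0/0"
        elif tok[-2] == "host":
            dst = tok[-1] + "/32"
        else:
            dst = f"{tok[-2]}/{tok[-1]}"          # address followed by netmask
        acls.setdefault(name, []).append(ipaddress.ip_network(dst, strict=False))
    return acls

def audit(config):
    """Return a list of findings; an empty list means the references line up."""
    pools = {n: (ipaddress.ip_address(lo), ipaddress.ip_address(hi)) for n, lo, hi in
             re.findall(r"^ip local pool (\S+) ([\d.]+)-([\d.]+)", config, re.M)}
    acls = acl_destinations(config)
    nat0 = re.findall(r"^nat \(\S+\) 0 access-list (\S+)", config, re.M)
    exempt = [net for a in nat0 for net in acls.get(a, [])]
    out = [f"nat 0 references undefined access-list {a}" for a in nat0 if a not in acls]
    for grp, key, val in re.findall(
            r"^vpngroup (\S+) (address-pool|split-tunnel) (\S+)", config, re.M):
        if key == "split-tunnel":
            if val not in acls:
                out.append(f"{grp}: split-tunnel access-list {val} is not defined")
        elif val not in pools:
            out.append(f"{grp}: address-pool {val} is not defined")
        elif not any(pools[val][0] in n and pools[val][1] in n for n in exempt):
            out.append(f"{grp}: pool {val} is not covered by a nat 0 access-list")
    return out
```

Run `audit()` over the text of the saved configuration before and after a change; any line it returns names the group and the reference that does not resolve.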
03-20-2007 07:28 AM
I won't be able to try this until Sunday night. Thanks for your help. I'll let you know the results then.
Barry
03-27-2007 09:14 AM
That fixed the Remote Access. Thanks.