03-15-2007 09:30 PM
We have a PIX 501 connected to DSL using PPPoE with outside-to-inside VPN set up and functioning using the EasyVPN client and a preshared key. We replaced the DSL modem with a small router that is now doing the PPPoE negotiation instead of the PIX. I have removed the VPDN references to PPPoE:
vpdn group pppoe_group request dialout pppoe
vpdn group pppoe_group localname xxx@sbcglobal.net
vpdn group pppoe_group ppp authentication pap
vpdn username xxx@sbcglobal.net password *********
vpdn username xxx@sbcglobal.net password ********* store-local
vpdn username scott password *********
vpdn username barry password *********
And left in the vpngroup lines:
vpngroup TQA_VPN address-pool CVPN_DHCP
vpngroup TQA_VPN dns-server 10.1.1.99
vpngroup TQA_VPN wins-server 10.1.1.99
vpngroup TQA_VPN default-domain tqa-inc.com
vpngroup TQA_VPN split-tunnel inside_outbound_nat0_acl
vpngroup TQA_VPN idle-time 1800
vpngroup TQA_VPN password ********
What do I need to add/change to allow VPN access again?
I tried this to no avail:
vpdn group TQA_VPN accept dialin l2tp
vpdn group TQA_VPN l2tp tunnel hello 60
vpdn enable
Barry
03-18-2007 09:29 AM
Hi,
Could you please post the full config? What is the issue you are facing?
What message are you getting on the client?
-Kanishka
03-19-2007 10:01 AM
I am now connecting with the VPN client but cannot access any resources. I have attached the client log (everything appears O.K.) and the PIX configuration. Note that in the PIX configuration there is an "Incomplete" comment but I don't know why. Also, assistance with a split tunnelling statement would be greatly appreciated.
Thanks,
Barry
03-19-2007 12:10 PM
Hi,
Please enter the following commands on the PIX:
no crypto map outside_dyn_map 20
no vpngroup TQA_VPN1 address-pool vpnpool1
ip local pool vpnpool 192.168.1.1-192.168.1.20
access-list nonat permit ip any 192.168.1.0 255.255.255.0
access-list split permit ip any 192.168.1.0 255.255.255.0
nat (inside) 0 access-list nonat
vpngroup TQA_VPN1 address-pool vpnpool
vpngroup TQA_VPN1 split-tunnel split
That should do it.
*Please rate if helped.
-Kanishka
03-20-2007 07:28 AM
I won't be able to try this until Sunday night. Thanks for your help. I'll let you know the results then.
Barry
03-27-2007 09:14 AM
That fixed the Remote Access. Thanks.