05-13-2007 05:55 PM - edited 02-21-2020 03:03 PM
I have a situation that is driving me a bit nuts.
Remote VPN clients come into PIX as 10.32.0.0/16 to (inside) LAN 10.128.0.0/16
I had problems connecting to a host with inside address 10.128.128.12 ... connection via VPN would just not take place.
As a last resort, I added a secondary IP of 10.128.0.128 and ... voila ... connection made.
All networks defined as 16 bit (255.255.0.0). Is there some reason the 10.128.128.12 is being refused?
The statements that I think are relevant in the PIX config are:
ip local pool vpnpool1 10.32.0.1-10.32.0.254
access-list VPNxx permit ip inside 255.255.0.0 10.32.0.0 255.255.0.0
ip address inside 10.128.0.1 255.255.0.0
nat (inside) 0 access-list VPNxx
vpngroup xxxVPN address-pool vpnpool1
isakmp nat-traversal 20
Is there something that I am missing?
05-18-2007 05:27 AM
Try this:
Enable NAT-Traversal on the PIX; use the command "isakmp nat-traversal 20".
Refer to this:
05-18-2007 10:48 AM
Note, on the listing above, that NAT-T is enabled.
Thanks, however, for the reply.
05-18-2007 11:05 AM
To answer your original question, no, I don't think you are missing anything, not anything in the PIX anyway. But if there is anything I've learned, it is that there is a reason for everything.