Remote VPN Connection - subnet access prob

curt-wwwww
Level 1

I have a situation that is driving me a bit nuts.

Remote VPN clients come into PIX as 10.32.0.0/16 to (inside) LAN 10.128.0.0/16

I had problems connecting to a host with inside address 10.128.128.12 ... connection via VPN would just not take place.

As a last resort, I added a secondary IP of 10.128.0.128 and ... voila ... connection made.

All networks defined as 16 bit (255.255.0.0). Is there some reason the 10.128.128.12 is being refused?

The statements that I think are relevant in the PIX config are:

ip local pool vpnpool1 10.32.0.1-10.32.0.254

access-list VPNxx permit ip inside 255.255.0.0 10.32.0.0 255.255.0.0

ip address inside 10.128.0.1 255.255.0.0

nat (inside) 0 access-list VPNxx

vpngroup xxxVPN address-pool vpnpool1

isakmp nat-traversal 20

Is there something that I am missing?

3 Replies

carenas123
Level 5

Try this:

Enable NAT-Traversal on the PIX; use the command "isakmp nat-traversal 20".

Refer to this:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094a5a.shtml

Note, on the listing above, that Nat-T is enabled.

Thanks, however, for the reply.

To answer your original question, no I don't think you are missing anything, not anything in the pix anyway. But if there is anything I've learned it is that there is a reason for everything.