PIX Config Snag

Unanswered Question
Jul 10th, 2007

Ok, so we've successfully setup VPN with our PIX, and we even have it authenticating to an Active Directory server via IAS. All works perfectly, except once the client is connect, it cannot see anything on the internal network. We try to browse network shares by name or IP address and neither work. I've posted the code for your perusal. We've removed the public IP's and passwords, and some conduits that do not affect this.

Any help is greatly appreciated.



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Tue, 07/10/2007 - 11:35

Hi Mike

Try adding this to your config and see if it works

"isakmp nat-traversal"



jaffer_sathik2010 Wed, 07/11/2007 - 04:42


There is no commands for defining 'phase-2' parameters of VPN.

Put up 'phase-2' parameters with 'crypto map' command and apply the 'crypto map' to outside interface of the PIX device.

I guess, you have configured the pix for remote access vpn. Usually this will be configured in following steps :

1. Define phase-1 , phase-2 parameters

2. Define group policy

3. Associate group policy to tunnel group

Plz refer the below mention link which speaks about configuring remote access vpn on ASA devices. (This can be used for configuring PIX)



chantman06 Wed, 07/11/2007 - 04:57

Thanks for all the replies.

The actual issue was the fact that we are using 10.12.x.x in our real network. I didn't know that you had to give VPN clients IP addresses that you aren't already internally routing. I gave them a 192.168.50.x subnet, and all is well.

Also, had to do a little bit of split tunnelling , which wasn't too bad.


This Discussion