PIX Config Snag

chantman06 · ‎07-10-2007

Ok, so we've successfully setup VPN with our PIX, and we even have it authenticating to an Active Directory server via IAS. All works perfectly, except once the client is connect, it cannot see anything on the internal network. We try to browse network shares by name or IP address and neither work. I've posted the code for your perusal. We've removed the public IP's and passwords, and some conduits that do not affect this.

Any help is greatly appreciated.

Thanks!

-Mike

Jon Marshall · ‎07-10-2007

Hi Mike

Try adding this to your config and see if it works

"isakmp nat-traversal"

HTH

Jon

timkaye · ‎07-10-2007

hello.

I assume your routing 10.12.15.0/24 to your firewall!?

sysopt connection permit-pptp

My two cents

jaffer_sathik2010 · ‎07-11-2007

Hi,

There is no commands for defining 'phase-2' parameters of VPN.

Put up 'phase-2' parameters with 'crypto map' command and apply the 'crypto map' to outside interface of the PIX device.

I guess, you have configured the pix for remote access vpn. Usually this will be configured in following steps :

1. Define phase-1 , phase-2 parameters

2. Define group policy

3. Associate group policy to tunnel group

Plz refer the below mention link which speaks about configuring remote access vpn on ASA devices. (This can be used for configuring PIX)

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008060f25c.shtml

--Jaffer

chantman06 · ‎07-11-2007

Thanks for all the replies.

The actual issue was the fact that we are using 10.12.x.x in our real network. I didn't know that you had to give VPN clients IP addresses that you aren't already internally routing. I gave them a 192.168.50.x subnet, and all is well.

Also, had to do a little bit of split tunnelling , which wasn't too bad.