07-10-2007 11:23 AM
Ok, so we've successfully set up VPN with our PIX, and we even have it authenticating to an Active Directory server via IAS. All works perfectly, except once the client is connected, it cannot see anything on the internal network. We try to browse network shares by name or IP address and neither works. I've posted the code for your perusal. We've removed the public IPs and passwords, and some conduits that do not affect this.
Any help is greatly appreciated.
Thanks!
-Mike
07-10-2007 11:35 AM
Hi Mike
Try adding this to your config and see if it works
"isakmp nat-traversal"
HTH
Jon
07-10-2007 09:28 PM
hello.
I assume you're routing 10.12.15.0/24 to your firewall!?
sysopt connection permit-pptp
My two cents
07-11-2007 04:42 AM
Hi,
There are no commands for defining 'phase-2' parameters of VPN.
Put up 'phase-2' parameters with the 'crypto map' command and apply the 'crypto map' to the outside interface of the PIX device.
I guess you have configured the PIX for remote access VPN. Usually this will be configured in the following steps:
1. Define phase-1 , phase-2 parameters
2. Define group policy
3. Associate group policy to tunnel group
Please refer to the below-mentioned link, which speaks about configuring remote access VPN on ASA devices. (This can be used for configuring PIX.)
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008060f25c.shtml
--Jaffer
07-11-2007 04:57 AM
Thanks for all the replies.
The actual issue was the fact that we are using 10.12.x.x in our real network. I didn't know that you had to give VPN clients IP addresses that you aren't already internally routing. I gave them a 192.168.50.x subnet, and all is well.
Also, had to do a little bit of split tunnelling, which wasn't too bad.
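The resolution above (a VPN client pool carved out of a range the inside network already routes) can be checked for before deployment. The following is an added example, not part of the thread or of anyone's posted configuration: it parses a constructed PIX 6.x-style fragment and reports any `ip local pool` range that overlaps a network reachable through a non-outside interface. The interface name `outside`, the pool names, and all addresses are assumptions.

```python
import ipaddress
import re

# Constructed PIX 6.x-style fragment for illustration; not the poster's config.
SAMPLE_CONFIG = """\
ip address outside 203.0.113.2 255.255.255.248
ip address inside 10.12.1.1 255.255.0.0
route inside 10.20.0.0 255.255.0.0 10.12.1.254 1
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
ip local pool vpnpool 10.12.15.1-10.12.15.254
ip local pool vpnpool2 192.168.50.1-192.168.50.254
"""

IFACE = re.compile(r"^ip address (\S+) (\S+) (\S+)$")
ROUTE = re.compile(r"^route (\S+) (\S+) (\S+) \S+")
POOL = re.compile(r"^ip local pool (\S+) ([\d.]+)-([\d.]+)")


def internal_networks(config, outside="outside"):
    """Networks that are connected to, or routed via, any non-outside interface."""
    nets = []
    for line in config.splitlines():
        m = IFACE.match(line.strip()) or ROUTE.match(line.strip())
        if not m or m.group(1) == outside:
            continue
        # strict=False lets an interface host address stand in for its subnet.
        nets.append(ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}", strict=False))
    return nets


def pool_conflicts(config, outside="outside"):
    """Map each VPN pool name to the internal networks its range overlaps."""
    inside = internal_networks(config, outside)
    conflicts = {}
    for line in config.splitlines():
        m = POOL.match(line.strip())
        if not m:
            continue
        first = ipaddress.ip_address(m.group(2))
        last = ipaddress.ip_address(m.group(3))
        # A start-end range is not always one CIDR block, so summarize it first.
        blocks = ipaddress.summarize_address_range(first, last)
        hits = sorted({str(n) for b in blocks for n in inside if b.overlaps(n)})
        if hits:
            conflicts[m.group(1)] = hits
    return conflicts


if __name__ == "__main__":
    for pool, nets in pool_conflicts(SAMPLE_CONFIG).items():
        print(f"pool {pool} overlaps internal network(s): {', '.join(nets)}")
```
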