VPN on a PIX 501

Unanswered Question
Nov 6th, 2007

I am trying to set up a VPN connection for some auditors to one of my clients, and can't seem to get RDP to work. It appears that the Cisco VPN client is connected, but when I try to connect to a specific machine, I'm told that the machine can't be found.

acomiskey Tue, 11/06/2007 - 11:29

Is the problem only related to rdp? Can they ping etc? Care to post a sanitized config?

JeremyAustin Tue, 11/06/2007 - 11:38

Ping doesn't respond either. When I launch the VPN client, it group authenticates fine, then radius works fine, and the lock icon closes. After that, however, nothing else seems to work. What do I need to do to sanitize a config? I'm a first-timer.

acomiskey Tue, 11/06/2007 - 11:44

Sanitizing means cleaning out any public ip addresses/passwords etc. Anything you wouldn't want anyone else to know.

Sounds like your problem is related to nat-traversal. Check to see if the following command is in your pix. If it isn't, add it in.

isakmp nat-traversal

acomiskey Tue, 11/06/2007 - 12:01

Which group is in question here? 5*vend0rs? If so, take a look at your VENDOR-SPLIT-TUNNEL acl.

access-list VENDOR-SPLIT-TUNNEL permit ip host 70.168.67.x

access-list VENDOR-SPLIT-TUNNEL permit ip host 70.168.67.x

This means that only traffic from the vpn clients to 70.168.67.x would be tunneled over the vpn. The second statement wouldn't really do anything. I think it should look more like your other split tunnel acl.

access-list VENDOR-SPLIT-TUNNEL permit ip
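To make the split-tunnel point above concrete, here is an added Python check (not from this thread or from Cisco) that parses PIX-style split-tunnel ACL entries and reports whether a given RDP target would be sent through the tunnel at all; the ACL name and every address below are constructed placeholders, and an entry with no destination part (like the sanitized lines quoted above) is reported as incomplete rather than guessed at.

```python
import ipaddress

# Constructed sample of a PIX 6.x split-tunnel ACL (placeholder addresses, not
# the poster's config). In a split-tunnel ACL the *source* is the protected
# network behind the PIX and the destination is normally "any"; only client
# traffic destined for those sources is encrypted into the tunnel.
SAMPLE_ACL = """
access-list VENDOR-SPLIT-TUNNEL permit ip host 192.0.2.10 any
access-list VENDOR-SPLIT-TUNNEL permit ip 10.20.0.0 255.255.255.0 any
access-list VENDOR-SPLIT-TUNNEL permit ip host 198.51.100.5
""".strip().splitlines()

def _parse_addr(tokens, i):
    """Consume one PIX address spec starting at tokens[i]; return (network, next index)."""
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    # "address mask" form; PIX uses a normal subnet mask, not a wildcard mask
    return ipaddress.ip_network(f"{tokens[i]}/{tokens[i + 1]}", strict=False), i + 2

def parse_split_tunnel(acl_lines, acl_name):
    """Return (tunneled_networks, incomplete_entries) for the named ACL."""
    nets, incomplete = [], []
    for line in acl_lines:
        t = line.split()
        if len(t) < 5 or t[0] != "access-list" or t[1] != acl_name:
            continue
        if t[2] != "permit" or t[3] != "ip":
            continue  # deny lines and non-ip entries do not define the tunnel list
        src, nxt = _parse_addr(t, 4)
        if nxt >= len(t):
            incomplete.append(line)  # no destination: entry is unusable as written
            continue
        nets.append(src)
    return nets, incomplete

def is_tunneled(acl_lines, acl_name, host):
    """True if a VPN client's traffic to `host` would match the split-tunnel list."""
    addr = ipaddress.ip_address(host)
    nets, _ = parse_split_tunnel(acl_lines, acl_name)
    return any(addr in net for net in nets)

if __name__ == "__main__":
    nets, bad = parse_split_tunnel(SAMPLE_ACL, "VENDOR-SPLIT-TUNNEL")
    print("tunneled:", [str(n) for n in nets], "incomplete:", bad)
    print("10.20.0.77 via tunnel:", is_tunneled(SAMPLE_ACL, "VENDOR-SPLIT-TUNNEL", "10.20.0.77"))
```

If the RDP target's address is not covered, the client sends it out its normal interface in the clear and the connection never reaches the inside network, which matches the "machine can't be found" symptom.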

