11-26-2007 01:53 PM - edited 02-21-2020 03:24 PM
I have a Cisco PIX with a site-to-site vpn and also client-to-site vpn. I can authenticate to the vpn and connect, however, I cannot access a pc on the internal network via Remote desktop. I have attached my config. Can someone tell me if I am missing something?
Config attached:
Thanks,
GDA
11-26-2007 01:57 PM
11-26-2007 04:37 PM
Hello.
I would suggest you're not performing a no NAT (NAT 0) for traffic from the 192.168.50.x network to the 192.168.50.x networks.
Add the following and see how that goes....
access-list nonat permit ip 192.168.50.0 255.255.255.0 192.168.50.0 255.255.255.0
You may wish to add it with the correct subnets and mask for the internal and IPSEC client vpn ranges.
Tim
11-27-2007 10:22 AM
I think I already have the access-list nonat permit ip 192.168.50.0 255.255.255.0 192.168.51.0 255.255.255.0. Should I just remove the command: nat (inside) 0 access-list nonat?
Thanks,
GDA
12-02-2007 10:05 PM
No.
Your current acl is for the 50.0 to the 51.0 networks.
You have indicated you're trying to get to an internal host, which I presume is on the 50.x subnet.
Your IP pool for IPSEC clients is also 50.x, hence your nat statement does not match.
Tim
12-03-2007 01:38 AM
Or you could just change your IP pool Pool1 range to 192.168.51.200-192.168.51.254 so it matches your ruleset, and see how that goes.
HTH
Kev
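Added example, not part of any post in this thread: a small Python check for the mismatch discussed above, where the VPN client pool is not covered by any destination in the ACL bound to `nat (inside) 0`. The attached config is not shown on the page, so the sample below is constructed; the `ip local pool` range and the function names are assumptions.

```python
import ipaddress

# Constructed sample, not the poster's attached config. The pool range is an
# assumption (the thread only says the pool is in 50.x); the ACL and nat lines
# are the ones quoted in the thread.
SAMPLE = """\
ip local pool Pool1 192.168.50.200-192.168.50.254
access-list nonat permit ip 192.168.50.0 255.255.255.0 192.168.51.0 255.255.255.0
nat (inside) 0 access-list nonat
"""

def parse(config):
    """Collect VPN pools, ACL destination networks and NAT-exemption ACL names."""
    pools, acls, exempt = {}, {}, set()
    for line in config.splitlines():
        tok = line.split()
        if tok[:3] == ["ip", "local", "pool"] and len(tok) >= 5:
            first, _, last = tok[4].partition("-")
            pools[tok[3]] = (ipaddress.ip_address(first),
                             ipaddress.ip_address(last or first))
        # Only the "permit ip <src> <mask> <dst> <mask>" form is handled here;
        # entries using "any" or "host" are skipped.
        elif tok[:1] == ["access-list"] and tok[2:4] == ["permit", "ip"] and len(tok) == 8:
            dst = ipaddress.ip_network(f"{tok[6]}/{tok[7]}", strict=False)
            acls.setdefault(tok[1], []).append(dst)
        elif tok[:1] == ["nat"] and tok[2:4] == ["0", "access-list"] and len(tok) == 5:
            exempt.add(tok[4])
    return pools, acls, exempt

def uncovered_pools(config):
    """Return names of pools whose whole range no NAT-exemption entry covers."""
    pools, acls, exempt = parse(config)
    dests = [net for name in exempt for net in acls.get(name, [])]
    # A network is contiguous, so containing both ends means containing the range.
    return [name for name, (first, last) in pools.items()
            if not any(first in net and last in net for net in dests)]

if __name__ == "__main__":
    for name in uncovered_pools(SAMPLE):
        print(f"pool {name}: no nat 0 ACL entry has a destination covering it")
```

Either fix suggested in the thread clears the finding: adding a nonat entry whose destination covers the pool, or moving the pool into 192.168.51.x.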