VPN client cannot ping internal network

Unanswered Question
Jan 13th, 2008

Dear All,


My VPN client is able to connect and get an IP address from the pool configured on the VPN concentrator, but the client is not able to ping the internal networks that are inside the PIX firewall.




The concentrator's private interface is connected to the firewall DMZ interface.


PIX DMZ IP: 172.28.95.2


Concentrator: 172.28.95.95


Remote access client IP: 172.28.37.x


I have configured split tunneling for the following PIX firewall networks on the concentrator.

172.28.92.0/0.0.0.255

172.28.95.0/0.0.0.255

172.28.96.0/0.0.0.255

172.31.0.0/0.0.255.255

192.168.249.164/0.0.0.3

172.28.32.0/0.0.0.255

172.28.64.0/0.0.0.255

172.28.98.0/0.0.0.255


The concentrator is able to reach all of the above networks without any problem.


But the client is able to ping any of the above networks, except the concentrator private interface.


static (inside,edn) 172.28.32.0 172.28.32.0 netmask 255.255.255.255

static (inside,edn) 172.28.92.0 172.28.92.0 netmask 255.255.255.255

static (inside,edn) 172.28.64.0 172.28.64.0 netmask 255.255.255.255


access-list nonat extended permit ip 172.28.32.0 255.255.255.0 172.28.32.0 255.255.255.0


access-list nonat extended permit ip 172.28.92.0 255.255.255.0 172.28.37.0 255.255.255.0

access-list nonat extended permit ip 172.28.32.0 255.255.255.0 172.28.37.0 255.255.255.0

access-list nonat extended permit ip 172.28.64.0 255.255.255.0 172.28.37.0 255.255.255.0

nat (inside) 0 access-list nonat



access-list edn_acl extended permit ip 172.28.37.0 255.255.255.0 172.28.32.0 255.255.255.0

access-list edn_acl extended permit ip 172.28.37.0 255.255.255.0 172.28.92.0 255.255.255.0

access-list edn_acl extended permit ip 172.28.37.0 255.255.255.0 172.28.64.0 255.255.255.0


route edn 172.28.37.0 255.255.255.0 172.28.95.95 1




Overall Rating: 0 (0 ratings)
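Added example, not part of the original post: a Python cross-check of the pasted lines that reports, for each split-tunnel network, whether the excerpt contains a `static` spanning the whole network, a `nonat` exemption toward the 172.28.37.0/24 pool, and an `edn_acl` permit from the pool. The function and key names are this example's own; the addresses and config lines are copied from the post.

```python
import ipaddress

# Values copied from the post above; the cross-check logic is the added part.
VPN_POOL = ipaddress.ip_network("172.28.37.0/24")
SPLIT_TUNNEL = """172.28.92.0/0.0.0.255 172.28.95.0/0.0.0.255 172.28.96.0/0.0.0.255
172.31.0.0/0.0.255.255 192.168.249.164/0.0.0.3 172.28.32.0/0.0.0.255
172.28.64.0/0.0.0.255 172.28.98.0/0.0.0.255""".split()
PIX_CONFIG = """\
static (inside,edn) 172.28.32.0 172.28.32.0 netmask 255.255.255.255
static (inside,edn) 172.28.92.0 172.28.92.0 netmask 255.255.255.255
static (inside,edn) 172.28.64.0 172.28.64.0 netmask 255.255.255.255
access-list nonat extended permit ip 172.28.32.0 255.255.255.0 172.28.32.0 255.255.255.0
access-list nonat extended permit ip 172.28.92.0 255.255.255.0 172.28.37.0 255.255.255.0
access-list nonat extended permit ip 172.28.32.0 255.255.255.0 172.28.37.0 255.255.255.0
access-list nonat extended permit ip 172.28.64.0 255.255.255.0 172.28.37.0 255.255.255.0
access-list edn_acl extended permit ip 172.28.37.0 255.255.255.0 172.28.32.0 255.255.255.0
access-list edn_acl extended permit ip 172.28.37.0 255.255.255.0 172.28.92.0 255.255.255.0
access-list edn_acl extended permit ip 172.28.37.0 255.255.255.0 172.28.64.0 255.255.255.0
"""

def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}")

def parse_pix(config):
    """Return (static real networks, nonat pairs, edn_acl pairs) from config text."""
    statics, nonat, acl = [], [], []
    for fields in (line.split() for line in config.splitlines() if line.strip()):
        if fields[0] == "static":
            statics.append(net(fields[3], fields[5]))  # real address + netmask
        elif fields[0] == "access-list" and fields[3:5] == ["permit", "ip"]:
            pair = (net(fields[5], fields[6]), net(fields[7], fields[8]))
            (nonat if fields[1] == "nonat" else acl).append(pair)
    return statics, nonat, acl

def audit(split_tunnel, config, pool):
    statics, nonat, acl = parse_pix(config)
    report = {}
    for entry in split_tunnel:
        n = ipaddress.ip_network(entry)  # wildcard mask parsed as a host mask
        report[str(n)] = {
            "static_covers_net": any(n.subnet_of(s) for s in statics),
            "nonat_to_pool": any(n.subnet_of(a) and pool.subnet_of(b) for a, b in nonat),
            "acl_from_pool": any(pool.subnet_of(a) and n.subnet_of(b) for a, b in acl),
        }
    return report

if __name__ == "__main__":
    for network, checks in audit(SPLIT_TUNNEL, PIX_CONFIG, VPN_POOL).items():
        print(f"{network:20} {checks}")
```

A `False` only means no matching line appears in the excerpt posted here. A `static` written with `netmask 255.255.255.255` parses as a /32, so it does not span a /24 split-tunnel network.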