cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
745
Views
5
Helpful
12
Replies

Can not access office Internet from Home via VPN client

aansatosorigin
Level 1
Level 1

Hi all,

I got one pix firewall at my office but the problem is I can access other resources at my office except for internet connection when I remote VPN from Home. Any problem with my pix config?? (Config as attached). Really need kind advice. Tq

12 Replies 12

aansatosorigin
Level 1
Level 1

Hi all,

Sorry, here is the correct pix config. Please ignore my first post attachment. Tq.

Hi,

I see two things.

First your NAT exempt access-list could be just:

access-list inside_outbound_nat0_acl permit ip any 192.168.3.0 255.255.255.0

You don't need the deny statements if they are being denied after this entry. But still it would not be a reason for not working.

The problem is that you are using this same access-liat for your split tunneling and the access-list should be something like...

access-list remote_access_splitTunnelAcl permit ip 192.168.2.0 255.255.255.0 any

(because 192.168.2.0 is your inside LAN)

Check out this configuration example which might help you understand:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702999.shtml#s2

HTH,

Paulo

Hi Paulo,

I already tested but not works. By the way, I issue a command "sh crypto isakmp sa", theres no IPsec session established. Is that possible?? I really not sure. And when I check "ipconfig" at my laptop, I got similar IP address and default gateway, for example 192.168.3.1 for both IP address. Is there possible problem?? Really need your advice. Thank you.

Hi,

Can you put the configuration here again so I can see what you changed?

If you do "ipconfig" on your laptop after logging into the VPN you should see two different subnets (if the split-tunneling is correctly configured): the one your router gives you for the Internet, and the one you configure for the VPN.

Rgds,

Paulo

Hi Paulo,

Please refer as attached configuration. For your information,for VPN client IP, when I issue "ipconfig", my laptop IP address is 192.168.3.1 and the default gateway also 192.168.3.1, is this ok?? Thanks so much for your continuous support. I really appreciate it. Thank you.

Hi,

I was just comparing it to my configs and I am not seeing anything wrong to be honest.

Can you try just putting the NAT exempt as the following line, instead of having all the deny statements there?

access-list inside_outbound_nat0_acl permit ip any 192.168.3.0 255.255.255.0

With which group are you trying? Tekmal1?

Regards,

Paulo Henriques

Hi Paulo Henriques,

Yes, Tekma1. By the way, is there any effect if I remove "pdm location"?? What is this command actual role?? Looks crowded. One more thing, is that possible to increase the internet connection speed on firewall configuration?? Any approach to follow to configure firewall to avoid slowness to the internet connection??I will try to test again then as advice and I ll definitely update you. Thanks so much!!

its me,

aans

Hi Paulo,

Yes!! Its works...but why the internet connection quite slow...hope you can advise. Thanks so much!!

Hey,

I'm glad it's working now.

I see no reason for the VPN to affect the speed of the Internet connection. Check your "ipconfig" to see what IP addresses you have. Also, check the "route print" to see if the route table on your PC has the right routes.

You should also do some traceroutes to the Internet and to your internal LAN and see if you can see any problem there.

Hope it helps. Also, if you find any of my help useful can you please rate it?

Regards,

Paulo

Hi Paulo,

By the way, ss that ok if I remove all the "pdm location" command??? Any effects?? Thanks.

its me again,

aans

Hi Aans,

The "pdm location command" is added in by the PDM so if you remove them the next time you access PDM it will just be added in again.

Just let it be ;).

Regards,

Paulo

Hi Paulo,

Actually, I able to access to some website example, www.msn.com, google.com but having problem to open page for yahoo.com, cnn.com. The error is the "page cant open". What should i do??

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: