Can't access other subnets once connected

Unanswered Question
Mar 28th, 2008

I have a PIX 525 running ASA 8 with ASDM 6, behind a layer 2 (transparent mode) firewall.

I've configured remote access VPN on this thing and I can connect from home (with NAT-T disabled).

All the IP addresses are public IPs except the client from home, which goes through a NAT.

Once connected, I can't ping/reach any other subnet except the one that's assigned to the cipsec0 interface.

I've tried adding an allow-all firewall rule on the PIX itself, disabling NAT, and many other settings, but I can't seem to make it go beyond the "inside" net of the PIX.

Any ideas?

Here is a simple diagram.

[email protected](10.0.0.2)->NAT(verizon)->internet->layer2firewall->PIX-outside(129.2.10.2)->PIX-inside(129.2.20.2)

Now, the 129.2.20.0/24 network is not for VPN only; it's an existing subnet that has its own default gateway.

In fact, the PIX is not the default gateway in any subnet.

dkim777oig Fri, 03/28/2008 - 08:31

Well, in my ASDM 6 crypto map settings,

"NAT-T Enabled" is checked.

BUT, in sh run, I don't see any command similar to "crypto isakmp nat-traversal".

What does that mean?

acomiskey Fri, 03/28/2008 - 08:40

Then it is enabled. It would only display in the config if it were disabled: "no crypto isakmp nat-traversal".

Must be another issue, like NAT exemption maybe. Can you post the config?
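
For readers hitting the same symptom (VPN clients reach the PIX inside subnet but nothing behind it), here is an added example of the NAT exemption and routing pieces that usually have to line up on a PIX/ASA running 8.0. This is not config from the original poster or from Cisco; the VPN pool 10.10.10.0/24, the second internal subnet 129.2.30.0/24, the group policy name RAVPN and the inside router address 129.2.20.1 are all assumed for illustration. Only 129.2.20.0/24 and the PIX inside address 129.2.20.2 come from the diagram above.

```text
! Added example, not from the thread. Addresses marked "assumed" are hypothetical.

! Pool handed to remote-access clients (assumed: 10.10.10.0/24)
ip local pool VPNPOOL 10.10.10.1-10.10.10.254 mask 255.255.255.0

! NAT exemption must cover EVERY internal subnet the clients need to reach,
! not only the PIX inside subnet. Second internal subnet assumed: 129.2.30.0/24.
access-list NONAT extended permit ip 129.2.20.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list NONAT extended permit ip 129.2.30.0 255.255.255.0 10.10.10.0 255.255.255.0
nat (inside) 0 access-list NONAT

! Split-tunnel list: the same subnets must be pushed to the client, otherwise the
! client never sends traffic for them into the tunnel in the first place.
access-list SPLIT standard permit 129.2.20.0 255.255.255.0
access-list SPLIT standard permit 129.2.30.0 255.255.255.0
group-policy RAVPN attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT

! The PIX is not anyone's default gateway, so it needs an explicit route to each
! internal subnet that is not directly connected, via the inside router (assumed 129.2.20.1).
route inside 129.2.30.0 255.255.255.0 129.2.20.1

! Return path, configured on the inside router (assumed 129.2.20.1), NOT on the PIX:
! a host on 129.2.30.0/24 replies to 10.10.10.x via its own default gateway, which
! must know to hand that pool back to the PIX inside interface 129.2.20.2.
!   ip route 10.10.10.0 255.255.255.0 129.2.20.2
```

A quick way to tell which half is missing: `show crypto ipsec sa` on the PIX shows per-SA encaps/decaps counters. If decaps climb when you ping the far subnet but encaps stay flat, the packets arrive and leave the PIX but the replies never come back, which points at the inside router's route for the pool rather than at the PIX. `packet-tracer input inside icmp 129.2.30.10 8 0 10.10.10.5` (addresses assumed) walks a reply through the PIX's NAT and route lookups and shows the phase that drops it. Note also that `sysopt connection permit-vpn` is on by default in 8.0 and, like NAT-T, only appears in `show run` when it has been turned off.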

kduckett Fri, 03/28/2008 - 12:01

This solved the same problem I was having with a Cisco ASA 5540. Thanks for the very helpful post.

Keith
