Help! Pix535 VPN configuration not working

Answered Question
Apr 9th, 2008
User Badges:

Hi,


We are trying to setup a remote vpn to allow clients in to our private lan then be able to use https outbound. Not split tunnel, as the client need to look like they are coming from our domain. Any help would be greatly appreciated. We can connect to the vpn with the client, and we can ping the inside network, but have issues trying to use https outbound via client. Please find my current config attached. Thanks in advance.



Correct Answer by acomiskey about 9 years 3 weeks ago

same-security-traffic permit intra-interface

nat (outside) 101 172.21.200.0 netmask 255.255.255.240


I would also add...


crypto isakmp nat-traversal

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
acomiskey Wed, 04/09/2008 - 12:30
User Badges:
  • Green, 3000 points or more

same-security-traffic permit intra-interface

nat (outside) 101 172.21.200.0 netmask 255.255.255.240


I would also add...


crypto isakmp nat-traversal

eprivott Wed, 04/09/2008 - 12:48
User Badges:

Hi and thanks. I added those lines and created an access rule to allow 172 access to our DNS. I can use nslookup, but still cannot get out via IE.

husycisco Wed, 04/09/2008 - 21:55
User Badges:
  • Gold, 750 points or more

Hi Elsie,

Also add the following then post your final config

group-policy test attributes

split-tunnel-policy tunnelall


Regards

eprivott Thu, 04/10/2008 - 06:56
User Badges:

Thanks for your reply.


We did not want to do 'split-tunnel, however the commands that ACOMISKEY suggested worked.


Thanks



eprivott Thu, 04/10/2008 - 06:46
User Badges:

Thanks!!!


We tried your suggestions and it worked!!!


Thanks Again

Actions

This Discussion