04-21-2008 12:09 AM - edited 02-21-2020 01:59 AM
Hi.
I'm fairly new to Cisco and am having some trouble configuring a Cisco PIX 506E. I would really appreciate some help.
The device is being used as the main firewall for our office and that part is working fine. It's also configured to provide PPTP connectivity/authentication for home users, and here lies the problem! The home users can connect fine, and are able to access office resources; however, they cannot access the Internet. If I enable logging and try to browse to www.google.co.uk (from a PPTP client) the following entry is logged:
110001: No route to 207.46.193.254 from 172.25.101.100
I've attached a copy of the config (external IP has been changed for security reasons) and any help/advice would be very much appreciated.
Paul
04-21-2008 08:19 PM
Paul, you need to PAT the VPN pool network for internet traffic.
Try this and post results
nat (outside) 1 172.25.101.0 255.255.255.0
Rgds
Jorge
04-22-2008 06:10 AM
Paul, would like to make a correction. I did not realize you are running PIX 6.x code on the 506E, so my above statement does not apply, because in 6.x code traffic coming in on one interface may not go out on the same interface. From what I understand you would need to implement split tunneling, but I have not seen any documentation on split tunneling using PPTP; you would have to run IPsec instead and configure split tunneling for Internet.
Rgds
Jorge
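An IPsec remote-access setup with split tunneling on PIX 6.x, as an added example that is not part of the original thread or the attached config. The inside network 192.168.1.0/24, the names homeusers, vpnpool, split_acl, nonat, vpnset, dynmap and vpnmap, and the reuse of 172.25.101.0/24 as the client pool are assumptions; the group key is a placeholder.

```cisco
: Added example. All names and the inside network below are assumed.
: Address pool handed to IPsec clients (range is an assumed placeholder)
ip local pool vpnpool 172.25.101.100-172.25.101.150

: Traffic the client must send through the tunnel (office LAN only).
: Everything else leaves through the client's own Internet connection.
access-list split_acl permit ip 192.168.1.0 255.255.255.0 172.25.101.0 255.255.255.0

: Do not NAT office-to-client traffic
access-list nonat permit ip 192.168.1.0 255.255.255.0 172.25.101.0 255.255.255.0
nat (inside) 0 access-list nonat

: Let decrypted IPsec traffic bypass the interface access lists
sysopt connection permit-ipsec

: Phase 2
crypto ipsec transform-set vpnset esp-3des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set vpnset
crypto map vpnmap 10 ipsec-isakmp dynamic dynmap
crypto map vpnmap interface outside

: Phase 1
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

: Client group: pool, split-tunnel list and group key
vpngroup homeusers address-pool vpnpool
vpngroup homeusers split-tunnel split_acl
vpngroup homeusers password <group-key>
```

With split tunneling the client's Internet traffic never reaches the PIX, so it is not filtered or logged there, and the home PC is connected to the Internet and the office LAN at the same time.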
04-22-2008 06:19 AM
Many thanks for your help. I will have to try a VPN client with split-tunnel.
I must say that it's frustrating that something like this is not supported - you'd have thought it's a common requirement!