06-24-2008 01:05 PM - edited 02-21-2020 03:47 PM
Hi,
Been struggling with this for over a week now, using some of the forum posts and docs to resolve - getting close...so any help is much appreciated.
I'm using a PIX 501 to provide vpn access to my internal network. I've gotten the configuration to the point where I can connect to the VPN from the Internet but once I do so I cannot rdp, map a drive, etc. to any servers. I can ping the outside interface of the pix when connected via VPN, but that's it.
The configuration is:
Internet --> dlink dir-625 (forwarding to pix, inside ip is 10.1.1.1) --> pix (outside is 10.1.1.150, inside is 192.168.1.1)
When I have a device plugged into the pix directly it gets a 192.168.1.x address and can access everything on 10.1.1.x fine. I don't see anything that indicates errors in the pdm log or in the ipsec logging that I enabled - I used to get "no route from x to y" but I don't see them anymore with the current config which is attached. Thanks for any tips!
06-25-2008 07:17 PM
Looks like you're missing an ACL for traffic that should not be NATed and an associated NAT statement such as:
nat (inside) 0 access-list nonat
Also, you'll need an ACL to define interesting traffic--the traffic that needs to be encrypted.
Then these need to be applied accordingly in your crypto and vpngroup statements.
Hope this helps,
JD
06-26-2008 12:35 AM
Thanks for your reply!
I *think* I have those statements in there:
This is my acl:
access-list 101 permit ip any 192.168.2.0 255.255.255.0
This is the nat statement:
nat (inside) 0 access-list 101
I've checked the command reference and don't see where the acl 101 should be directly referenced in a crypto statement. And the vpngroup statements only reference the acl for the split tunnel line (I've changed that to reference acl 101 - it was 102 in what I posted). Sorry to be so dense but it seems like these statements are in there...Thanks.