06-24-2008 01:05 PM - edited 02-21-2020 03:47 PM
Hi,
I've been struggling with this for over a week now, using some of the forum posts and docs to resolve it. I'm getting close, so any help is much appreciated.
I'm using a PIX 501 to provide VPN access to my internal network. I've gotten the configuration to the point where I can connect to the VPN from the Internet, but once I do so I cannot RDP, map a drive, etc. to any servers. I can ping the outside interface of the PIX when connected via VPN, but that's it.
The configuration is:
Internet --> D-Link DIR-625 (forwarding to the PIX; inside IP is 10.1.1.1) --> PIX (outside is 10.1.1.150, inside is 192.168.1.1)
When I have a device plugged into the PIX directly it gets a 192.168.1.x address and can access everything on 10.1.1.x fine. I don't see anything that indicates errors in the PDM log or in the IPsec logging that I enabled. I used to get "no route from x to y", but I don't see them anymore with the current config, which is attached. Thanks for any tips!
06-25-2008 07:17 PM
Looks like you're missing an ACL for traffic that should not be NATed and an associated NAT statement such as:
nat (inside) 0 access-list nonat
Also, you'll need an ACL to define interesting traffic, i.e. the traffic that needs to be encrypted.
Then these need to be applied accordingly in your crypto and vpngroup statements.
Hope this helps,
JD
06-26-2008 12:35 AM
Thanks for your reply!
I *think* I have those statements in there:
This is my acl:
access-list 101 permit ip any 192.168.2.0 255.255.255.0
This is the nat statement:
nat (inside) 0 access-list 101
I've checked the command reference and don't see where ACL 101 should be directly referenced in a crypto statement. And the vpngroup statements only reference the ACL for the split-tunnel line (I've changed that to reference ACL 101; it was 102 in what I posted). Sorry to be so dense, but it seems like these statements are in there... Thanks.