Same network on both sides of a remote access VPN

Nov 6th, 2008

I inherited a remote access VPN problem that I'm not sure how to resolve.

I have a PIX 506E with a LAN address of It is the default gateway for that LAN. I've configured remote access VPN so that clients authenticate locally to the PIX. This works fine except for users who have configured at their home. They connect just fine, but cannot access LAN resources behind the PIX. What suggestions would you offer me?

Thanks in advance.

Collin Clark Fri, 11/07/2008 - 06:19

We use a network that home users will probably never have, something like /24. You could also use a public address space, but you have to be careful of it being publicly routable or not.

Hope that helps.

Doug Anderson Fri, 11/07/2008 - 06:22

I agree this is the best answer, but I cannot implement that now and have to provide an interim solution.

Any assistance is greatly appreciated.

solpandor Fri, 11/07/2008 - 06:24

If you have configured RAVPN, then what you could do is create a pool of IPs on a diff subnet ( and create access lists for that network to go to


ip local pool RA_POOL -

access-list outside_cryptomap_65534 permit ip host

HTH and please rate if useful

husycisco Fri, 11/07/2008 - 12:51

Hello Doug,

Here is an interim solution

Let's assume that is your VPN pool,

access-list Pnat permit ip

static (inside,outside) access-list Pnat

add to your split-tunnel ACL and remove

Remove the ACE permit ip to vpnpool from NAT 0 ACL

Now VPN clients can connect to the inside clients using the same host portion but the 10.255.255 subnet portion of the IP address. Let's say that you have a server on the inside with IP, now you can connect to that server from the RA VPN client as

If it didn't work, post your config and let me modify it.
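Added example, not part of any post in this thread: a Python sketch of the address mapping that the policy static NAT above performs, plus a check for home LANs that would still collide. The inside LAN `192.168.1.0/24` is a constructed sample value and the `/24` length of the `10.255.255` alias subnet is an assumption; the function names are hypothetical.

```python
import ipaddress

# Constructed sample values: the thread's real addresses are not on the page.
CORP_LAN = ipaddress.ip_network("192.168.1.0/24")    # assumed inside LAN
NAT_ALIAS = ipaddress.ip_network("10.255.255.0/24")  # alias subnet from the post, /24 assumed


def overlaps(client_lan, corp_lan=CORP_LAN):
    """True when the client's home LAN collides with the corporate LAN."""
    return ipaddress.ip_network(client_lan, strict=False).overlaps(corp_lan)


def to_alias(real_ip, corp_lan=CORP_LAN, alias=NAT_ALIAS):
    """Map an inside host to its alias address, keeping the host portion."""
    if corp_lan.prefixlen != alias.prefixlen:
        raise ValueError("net-to-net static NAT needs equal prefix lengths")
    ip = ipaddress.ip_address(real_ip)
    if ip not in corp_lan:
        raise ValueError(f"{ip} is not inside {corp_lan}")
    host_bits = int(ip) & int(corp_lan.hostmask)
    return ipaddress.ip_address(int(alias.network_address) | host_bits)


def address_for_client(client_lan, server_ip):
    """Address a VPN client should use to reach server_ip through the tunnel.

    With the alias subnet in the split-tunnel ACL, every client uses the
    alias. A home LAN that overlaps the alias itself would reproduce the
    original problem, so that case is rejected.
    """
    home = ipaddress.ip_network(client_lan, strict=False)
    if home.overlaps(NAT_ALIAS):
        raise ValueError(f"home LAN {home} also collides with alias {NAT_ALIAS}")
    return to_alias(server_ip)


if __name__ == "__main__":
    for lan in ("192.168.1.0/24", "192.168.0.0/16", "172.16.5.0/24"):
        print(lan, "overlaps corp LAN:", overlaps(lan),
              "-> use", address_for_client(lan, "192.168.1.50"))
```
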


