Cisco 515E PIX Firewall VPN Problem

Unanswered Question
Sep 30th, 2009

Hello everybody,


I have a problem with a VPN connection. Actually, I can connect to my company via VPN but I cannot reach the resources such as local computers and servers, especially the domain controller. When I connect with VPN, I get my VPN IP, DNS and WINS information. But when I ping some server, it times out. I checked the NAT configuration and IP routes but I couldn't see any error. Logs say: "Built inbound UDP connection 1026765 for outside:192.168.5.1/58072 (192.168.5.1/58072) to inside: DN50/53 (DN50/53)". But UDP ports are allowed in my PIX.

You can find my NAT config below.


nat-control

global (outside) 1 1.2.3.5 (real IP)

global (outside) 2 1.2.3.4 (real IP)

nat (outside) 2 192.168.5.0 255.255.255.0

nat (outside) 2 172.25.0.0 255.255.0.0

nat (inside) 0 access-list inside_nat0_outbound

nat (inside) 2 192.168.0.48 255.255.255.248

nat (inside) 1 0.0.0.0 0.0.0.0


Does anyone have an idea how to resolve my problem?


Thanks,


Serdar Karahanoglu

dhananjoy chowdhury Wed, 09/30/2009 - 06:45

Hi,


Is your network setup something like this?


--------


Then check on the L3 switch whether it has the correct route for the VPN IP pool (pointing towards the PIX internal interface).


Also, check the contents of the ACL inside_nat0_outbound whether the IP and subnet masks are correct.


serdar_xp Wed, 09/30/2009 - 22:52

Hi,


Actually I am changing my topology right now. Here is my new topology:

New!!

--------


If you forget about ISA, my VPN clients can reach the PIX and, obeying the policy, get their IPs (192.168.5.X) and DNS. And there is a NAT for VPNs to reach Internal.


access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.5.0 255.255.255.0


Another one: access-list 80 standard permit 192.168.5.0 255.255.255.0


I think they are correct. Do you have any idea on it?
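One way to check the second point in the first reply (whether inside_nat0_outbound actually covers the flows the VPN clients need) is to evaluate the NAT statements and the exemption ACL against concrete flows instead of reading them by eye. The script below is an added example, not code from the thread or from Cisco: it parses the nat/global/access-list lines quoted above (copied here as constructed sample input), applies a simplified model of the PIX order of operations (a "nat 0 access-list" exemption on the ingress interface is consulted first, otherwise the most specific "nat (interface) id" statement covering the source wins, and under nat-control an unmatched packet is dropped), and reports which inside/remote network pairs have no exemption. It assumes 192.168.0.0/24 is the inside LAN (taken from the ACL) and does not know what 172.25.0.0/16 is; that network is used only to show how a missing exemption entry would be reported. The standard ACL 80 is not a NAT exemption ACL and is ignored.

```python
"""Evaluate PIX NAT exemption and dynamic NAT statements against sample flows.

Added example; the PIX_CONFIG text is a constructed copy of the lines quoted
in the thread, and the evaluation order is a simplified model of PIX 7.x.
"""
import ipaddress
import re

PIX_CONFIG = """
nat-control
global (outside) 1 1.2.3.5
global (outside) 2 1.2.3.4
nat (outside) 2 192.168.5.0 255.255.255.0
nat (outside) 2 172.25.0.0 255.255.0.0
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 2 192.168.0.48 255.255.255.248
nat (inside) 1 0.0.0.0 0.0.0.0
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.5.0 255.255.255.0
access-list 80 standard permit 192.168.5.0 255.255.255.0
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
ACL_RE = re.compile(rf"^access-list (\S+) extended (permit|deny) ip {IP} {IP} {IP} {IP}$")
NAT0_RE = re.compile(r"^nat \((\w+)\) 0 access-list (\S+)$")
NAT_RE = re.compile(rf"^nat \((\w+)\) (\d+) {IP} {IP}$")


def parse_config(text):
    """Return a dict with the exemption ACLs, the nat statements and nat-control state."""
    cfg = {"acls": {}, "nat": [], "nat0": {}, "nat_control": False}
    for line in text.strip().splitlines():
        line = line.strip()
        if line == "nat-control":
            cfg["nat_control"] = True
            continue
        m = ACL_RE.match(line)
        if m:  # extended ACL entry: action, source net/mask, destination net/mask
            name, action, s, sm, d, dm = m.groups()
            cfg["acls"].setdefault(name, []).append(
                (action, ipaddress.ip_network(f"{s}/{sm}"), ipaddress.ip_network(f"{d}/{dm}")))
            continue
        m = NAT0_RE.match(line)
        if m:  # nat 0 access-list: exemption ACL bound to an interface
            cfg["nat0"][m.group(1)] = m.group(2)
            continue
        m = NAT_RE.match(line)
        if m:  # dynamic nat statement: interface, nat id, local network
            iface, nat_id, net, mask = m.groups()
            cfg["nat"].append((iface, int(nat_id), ipaddress.ip_network(f"{net}/{mask}")))
    return cfg


def classify_flow(cfg, iface, src, dst):
    """Describe how a packet src->dst entering on iface is translated."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # 1. NAT exemption wins over every other nat statement on the interface.
    for action, s_net, d_net in cfg["acls"].get(cfg["nat0"].get(iface, ""), []):
        if src_ip in s_net and dst_ip in d_net:
            if action == "permit":
                return "exempt"
            break  # an explicit deny falls through to normal NAT
    # 2. Otherwise the most specific nat statement covering the source applies.
    candidates = [(net, nat_id) for i, nat_id, net in cfg["nat"] if i == iface and src_ip in net]
    if candidates:
        _, nat_id = max(candidates, key=lambda c: c[0].prefixlen)
        return f"nat id {nat_id}"
    # 3. No translation: dropped when nat-control is on, forwarded as-is otherwise.
    return "dropped (nat-control, no translation)" if cfg["nat_control"] else "untranslated"


def uncovered_pairs(cfg, inside_nets, remote_nets):
    """Return (inside, remote) pairs with no permit entry in the inside exemption ACL."""
    entries = cfg["acls"].get(cfg["nat0"].get("inside", ""), [])
    gaps = []
    for inside in inside_nets:
        for remote in remote_nets:
            i_net, r_net = ipaddress.ip_network(inside), ipaddress.ip_network(remote)
            covered = any(a == "permit" and i_net.subnet_of(s) and r_net.subnet_of(d)
                          for a, s, d in entries)
            if not covered:
                gaps.append((str(i_net), str(r_net)))
    return gaps


if __name__ == "__main__":
    cfg = parse_config(PIX_CONFIG)
    for flow in [("192.168.0.10", "192.168.5.5"), ("192.168.0.50", "192.168.5.5"),
                 ("192.168.0.50", "8.8.8.8"), ("192.168.0.10", "8.8.8.8")]:
        print(f"inside {flow[0]} -> {flow[1]}: {classify_flow(cfg, 'inside', *flow)}")
    print("missing exemptions:",
          uncovered_pairs(cfg, ["192.168.0.0/24"], ["192.168.5.0/24", "172.25.0.0/16"]))
```

With the lines from the thread, replies from any 192.168.0.0/24 host to a 192.168.5.x client are exempt, including hosts in 192.168.0.48/29, because the nat 0 ACL is evaluated before "nat (inside) 2"; so the exemption itself looks right for that pair, which is why the first reply's other point, the route for the pool on the L3 switch, is the next thing to verify. If a second address range were also handed to clients, the script would list it under missing exemptions.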
