09-30-2009 12:31 AM
Hello everybody,
I have a problem with a VPN connection. Actually, I can connect to my company via VPN, but I cannot reach resources such as local computers and servers, especially the domain controller. When I connect with VPN, I am able to get my VPN IPs, DNS and WINS information. But when I ping some server, it times out. I checked the NAT configuration and IP routes but I couldn't see any error. The logs say: "Built inbound UDP connection 1026765 for outside:192.168.5.1/58072 (192.168.5.1/58072) to inside: DN50/53 (DN50/53)". But UDP ports are allowed in my PIX.
You can find my NAT configuration below.
nat-control
global (outside) 1 1.2.3.5 ( Real IP )
global (outside) 2 1.2.3.4 ( Real IP )
nat (outside) 2 192.168.5.0 255.255.255.0
nat (outside) 2 172.25.0.0 255.255.0.0
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 2 192.168.0.48 255.255.255.248
nat (inside) 1 0.0.0.0 0.0.0.0
Does anyone have an idea how to resolve my problem?
Thanks,
Serdar Karahanoglu
09-30-2009 06:45 AM
Hi,
Is your network setup something like this?
Then, check on the L3 switch whether it has the correct route for the VPN IP pool (pointing towards the PIX internal interface).
Also, check whether the IP and subnet masks in the ACL inside_nat0_outbound are correct.
09-30-2009 10:52 PM
Hi,
Actually, I am changing my topology right now. Here is my new topology:
New!!
If you forget about ISA, my VPN clients can reach the PIX and obey the policy, getting their IPs (192.168.5.X) and DNS. And I have a NAT for the VPNs to reach the internal network.
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.5.0 255.255.255.0
Another one: access-list 80 standard permit 192.168.5.0 255.255.255.0
I think they are correct. Do you have any idea about it?
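The ACL check suggested in the 06:45 AM reply, as an added example that is not part of the original thread: it parses the inside_nat0_outbound line quoted above, rejects address/mask pairs that do not line up, and reports which inside hosts have their traffic to a VPN client exempted from NAT. The function names and the three inside host addresses are constructed for illustration; 192.168.5.1 is the client address from the log line in the first post.

```python
import ipaddress

# ACL line quoted in the thread above.
ACL = ("access-list inside_nat0_outbound extended permit ip "
       "192.168.0.0 255.255.255.0 192.168.5.0 255.255.255.0")

def parse_acl(line):
    """Parse 'access-list NAME extended permit|deny ip NET MASK NET MASK'.
    Raises ValueError when an address has host bits set for its mask."""
    tok = line.split()
    if (len(tok) != 9 or tok[0] != "access-list" or tok[2] != "extended"
            or tok[3] not in ("permit", "deny") or tok[4] != "ip"):
        raise ValueError("unsupported ACL line: " + line)
    src = ipaddress.ip_network(f"{tok[5]}/{tok[6]}")  # strict by default
    dst = ipaddress.ip_network(f"{tok[7]}/{tok[8]}")
    return tok[3], src, dst

def is_exempt(acl_lines, src_ip, dst_ip):
    """First matching entry decides; no match means no NAT exemption."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for line in acl_lines:
        action, src, dst = parse_acl(line)
        if s in src and d in dst:
            return action == "permit"
    return False

def audit(acl_lines, inside_hosts, vpn_client):
    """Map each inside host to whether its traffic to vpn_client is exempt."""
    return {h: is_exempt(acl_lines, h, vpn_client) for h in inside_hosts}

if __name__ == "__main__":
    # Constructed inside hosts: two inside 192.168.0.0/24, one outside it.
    hosts = ["192.168.0.10", "192.168.0.50", "192.168.1.10"]
    for host, ok in audit([ACL], hosts, "192.168.5.1").items():
        print(f"{host} -> 192.168.5.1: {'exempt' if ok else 'NOT exempt'}")
```

A host reported as NOT exempt falls through to the other nat (inside) statements, so the address of any server the VPN clients cannot reach (DN50 in the log line) is the one to run through this check.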