Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
352
Views
0
Helpful
1
Replies

Is it possible to ping VPN remote on NIC IP?

pfmitadmin
Level 1
Level 1

‎12-21-2009 11:05 AM


PIX 501 running 6.3 on a 192.168.1.x LAN.
Cisco VPN client (5.06) on an XP SP3 desktop running on a remote LAN set to 192.168.0.x.
I need to be able to ping the desktop's NIC ip address of 192.168.0.11
I can ping the VPN group assigned IP address of 192.168.44.100 and reach shares on the desktop using that IP address but not using 192.168.0.11.
A softphone app I want to use must be able to be reached from 192.168.1.x LAN over VPN to the remote's NIC address of 192.168.0.11
I wanted to make sure this is possible before posting my PIX configuration.
I tried adding the following:
access-list inside_outbound_nat0_acl permit ip 192.168.1.0 255.255.255.0 192.168.0.96 255.255.255.240
access-list outside_cryptomap_dyn_20 permit ip any 192.168.0.96 255.255.255.240
Thanks
Labels:
0 Helpful
1 Reply 1

busterswt
Level 1
Level 1

‎12-22-2009 09:29 PM

I don't think this is possible, but you might try adding a route to a server on the 192.168.1.x LAN with a destination of 192.168.0.11 and next hop of 192.168.44.100 (or whatever IP your client VPN adapter is assigned).

You'd still need the no-nat ACL you posted.

Very curious to know if this works!

James

0 Helpful
Customers Also Viewed These Support Documents