Is it possible to ping VPN remote on NIC IP?

Unanswered Question
Dec 21st, 2009

PIX 501 running 6.3 on a 192.168.1.x LAN.
Cisco VPN client (5.06) on an XP SP3 desktop running on a remote LAN set to 192.168.0.x.
I need to be able to ping the desktop's NIC ip address of 192.168.0.11
I can ping the VPN group assigned IP address of 192.168.44.100 and reach shares on the desktop using that IP address but not using 192.168.0.11.
A softphone app I want to use must be able to be reached from 192.168.1.x LAN over VPN to the remote's NIC address of 192.168.0.11
I wanted to make sure this is possible before posting my PIX configuration.
I tried adding the following:
access-list inside_outbound_nat0_acl permit ip 192.168.1.0 255.255.255.0 192.168.0.96 255.255.255.240
access-list outside_cryptomap_dyn_20 permit ip any 192.168.0.96 255.255.255.240
Thanks
I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
busterswt Tue, 12/22/2009 - 21:29

I don't think this is possible, but you might try adding a route to a server on the 192.168.1.x LAN with a destination of 192.168.0.11 and next hop of 192.168.44.100 (or whatever IP your client VPN adapter is assigned).

You'd still need the no-nat ACL you posted.

Very curious to know if this works!

James

Actions

This Discussion