Hi to everybody,
I need help about a problem that is making me crazy; it's a routing problem that happens ONLY using Windows Vista or Windos 7; with Windows XP all works perfectly.
In the following 6 firewalls installed, I have: 1 ASA5505, 2xPIX506E, 3xPIX501; in the attached file you can find the related configuration.
after created VPN tunnel, ALWAYS Windows XP creates automatically a dynamic route in order to allow trafic between the IP got (assigned by firewall) and the LAN addresses; using Windows VISTA or Windows 7 this route is not created, but it happens ONLY for 3 of these 6 firewall configurations (in the folder OK, you can find the configuration of "working" firewalls, into "NO OK" where it doesn't work).
I don't catch the difference in the configurations.
I know: there are some rules (static, access-list, etc) there are no longer used/needed (or also correct), but, at the moment, the target is to find (and to repair) the difference.
in Windows 7, I have seen that if, in the VPN IP configuration got after VPN established, there isn't the default gateway set, it always works. One of the "working" configurations sets the DG on Client (192.168.202.x) but it works, the other 2 configurations don't set the DG (Why is it set or not? Where can I define that in configuration/access-list?).
Let's assume that, after creating the VPN tunnel, the client obtains the IP: 192.168.53.1 and I want to ping the device 192.168.100.1 on LAN; while Windows XP is always able to ping the device, Windows 7 and Windows VISTA (but only for 3 of these 6 firewalls) not; so, in order to make it working under Vista or 7, I have to open a COMMAND PROMPT with Administrative rights and add the command (in the example):
ROUTE ADD 192.168.100.0 mask 255.255.255.0 192.168.53.1
After this command, also Windows 7 and Windows Vista are able to ping the device 192.168.100.1.
But it happens ONLY for 3 of 6 firewalls; on the remaining 3 firewalls it always works correctly under Windows XP, Windows VISTA or Windows 7
Scenario includes 2 customers that have 2 firewalls (one for each Internet line); one of them has 2 Pix501. A Pix501 works perfectly, the other one soffers of this problem.
The other customer has 2 PIX506E; one is good (working), the other one not.
It making me crazy; I'm afrid there is something wrong in the access-list, especially something that is intepreted differently in Windows XP and in Windows 7/Windows Vista, but I don't find the "key".
Many many thanks in advance to all for any help.
IMPORTANT: the configurations.zip files contains 2 sub folders named "OK" and "NO OK"; remember to unzip with sub folders