Good day all,
I am trying to configure the VPN client to a PIX 515. Once VPN'ed in, the traffic goes nowhere but on THAT subnet. The VLAN that we are attempting to reach is a 10.111.250.x/23. Once VPN'ed in, the IP address assignment is 10.111.250.33 - 10.111.250.63. We can VPN in and get the VPN-assigned IP address, but we cannot get anywhere on the inside VLAN. I was pretty sure this could be done as a layer 2. You can see the ARPed entries of the VPN-assigned addresses and the inside VLAN address on the PIX.
Keep in mind, my first thought was to change the VPN-assigned address, but we do not want to route on this particular VLAN as access is very limited.
Is there a way to make this work? If I have to redo attributes and policy, I can.
The output shows that the PIX is decrypting the packets but not encrypting.
So, there's a good chance that the packets are sent to the internal network but not coming back.
Check the following:
management-access inside --> this command is to allow PING to the inside IP of the PIX from the VPN (make sure you can PING this IP when connected).
Check that the default gateway of the inside network (behind the PIX) is the actual inside IP of the PIX.
After these tests, post again "sh cry ips sa".
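
The counter check described in the reply above, as an added example that is not part of the original thread: it reads `show crypto ipsec sa` style text and flags each SA that decrypts packets but never encrypts a reply. The sample output, its addresses and counter values are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the style of PIX "show crypto ipsec sa" output
# (addresses and counter values are made up for illustration).
SAMPLE = """\
   local  ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
   remote ident (addr/mask/prot/port): (10.111.250.33/255.255.255.255/0/0)
   current_peer: 203.0.113.10:500
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
    #pkts decaps: 57, #pkts decrypt: 57, #pkts verify: 57

   local  ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
   remote ident (addr/mask/prot/port): (10.111.250.34/255.255.255.255/0/0)
   current_peer: 203.0.113.20:500
    #pkts encaps: 112, #pkts encrypt: 112, #pkts digest: 112
    #pkts decaps: 140, #pkts decrypt: 140, #pkts verify: 140
"""

REMOTE = re.compile(r"remote ident \(addr/mask/prot/port\): \(([\d.]+)/")
COUNTER = re.compile(r"#pkts (encrypt|decrypt):\s*(\d+)")

def parse_sas(text):
    """Return one dict per SA: remote address plus encrypt/decrypt counts."""
    sas = []
    for line in text.splitlines():
        m = REMOTE.search(line)
        if m:
            # A "remote ident" line starts a new SA block.
            sas.append({"remote": m.group(1), "encrypt": 0, "decrypt": 0})
            continue
        if sas:
            # Counter lines belong to the most recently opened SA block.
            for name, value in COUNTER.findall(line):
                sas[-1][name] = int(value)
    return sas

def one_way_sas(text):
    """Remote idents whose SA decrypts traffic but never encrypts a reply."""
    return [sa["remote"] for sa in parse_sas(text)
            if sa["decrypt"] > 0 and sa["encrypt"] == 0]

if __name__ == "__main__":
    flagged = set(one_way_sas(SAMPLE))
    for sa in parse_sas(SAMPLE):
        state = "one-way (no return traffic)" if sa["remote"] in flagged else "ok"
        print(f'{sa["remote"]}: decrypt={sa["decrypt"]} encrypt={sa["encrypt"]} -> {state}')
```

An SA flagged here matches the symptom in the reply: traffic reaches the PIX from the client, but nothing from the inside network is being sent back through the tunnel.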