VPN Remote Access Problem

Unanswered Question

I am facing an issue with remote access VPN.
VPN client pool assigned is to
Please refer to the attached scenario.
When I tried to connect using the VPN client, it connected, but the LAN networks are not accessible. What might be the reason?
After the VPN client connected to the firewall I can see the IP as with as gateway.
Should I do any policy? Please help.
PIX ver 7.2


Nagaraja Thanthry Tue, 08/10/2010 - 21:38


Can you please verify that you have nonat rules configured in the firewall?

access-list nonat permit ip any

nat (inside) 0 access-list nonat

Hope this helps.



Yes, this rule is enabled!

But my question is: the pool is 192.168.1.x for the clients and my LAN falls on 192.168.1.x. From the firewall's perspective, it knows only 192.168.2.x, as it is local.

Once the client connects with the PIX, the client got an IP with gateway.

So do I have to give any security policy stating to permit between the 192.168.1.x pool and the 192.168.2.x local LAN?

If so, how do I give the policy?

Does any routing need to be added?

Nagaraja Thanthry Tue, 08/10/2010 - 22:00


All VPN traffic is treated as internal traffic. So, you do not need any security rules to communicate with internal devices. One thing I am not understanding is the "default gateway" you are getting. Who is the DHCP server for the VPN clients? Which device has (default gateway) address? Typically, for Remote access VPN's, you do not need a default gateway. The traffic hits the firewall automatically and then firewall will route it. If you have a third-party dhcp server, can you remove the default gateway option and see if that helps?



Yes, DHCP is assigned from the PIX to the Windows client, pool to 1.254.

Once the client connects to the PIX, if I check my Windows machine using ipconfig I can see as machine IP and gateway as

But my internal LAN of the PIX falls on a different subnet, 192.168.2.x,

so I doubt how my firewall knows about the pool. Is any route needed? How is the traffic coming from the pool treated: is it inside or outside traffic once the client connects?
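
Added example, not part of the thread and not Cisco tooling: a small Python check that a saved PIX configuration actually exempts inside-LAN-to-VPN-pool traffic from NAT, which is what the nonat rule in the first reply is for. The /24 masks and the sample configuration are assumptions built from the 192.168.1.x pool and 192.168.2.x LAN mentioned in the thread.

```python
import ipaddress
import re

# Constructed sample config. The /24 masks are assumptions; the thread only
# gives 192.168.1.x (VPN pool) and 192.168.2.x (inside LAN).
SAMPLE_CONFIG = """\
access-list nonat extended permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list nonat
"""

def _take_net(tokens):
    """Consume 'any', 'host A' or 'A MASK' from the token list; return a network."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")

def exempt_aces(config, interface="inside"):
    """Return (src, dst) pairs from 'permit ip' ACEs of the ACL bound by
    'nat (<interface>) 0 access-list <name>'; empty list if no binding exists."""
    m = re.search(rf"^nat \({re.escape(interface)}\) 0 access-list (\S+)",
                  config, re.M)
    if not m:
        return []
    aces = []
    for line in config.splitlines():
        tokens = line.split()
        if tokens[:2] != ["access-list", m.group(1)]:
            continue
        tokens = [t for t in tokens[2:] if t != "extended"]
        if tokens[:2] != ["permit", "ip"]:
            continue
        rest = tokens[2:]
        try:
            aces.append((_take_net(rest), _take_net(rest)))
        except (IndexError, ValueError):
            continue  # incomplete ACE, e.g. a source with no destination
    return aces

def nat_exempt(config, lan, pool):
    """True if one exemption ACE covers the whole LAN (source) to the whole pool."""
    lan, pool = ipaddress.ip_network(lan), ipaddress.ip_network(pool)
    return any(lan.subnet_of(s) and pool.subnet_of(d)
               for s, d in exempt_aces(config))
```

The ACE direction matters: the source is the inside LAN and the destination is the VPN pool, so an entry written the other way round does not match return traffic leaving the inside interface.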

