VPN Remote Access Problem

pramod
Level 1

Hi,
I am facing an issue with remote access VPN.
The VPN client pool assigned is 192.168.1.1 to 192.168.1.254.
Please refer to the attached scenario.
When I tried to connect using the VPN client, it connected, but the LAN networks are not accessible. What might be the reason?
After the VPN client connected to the firewall I can see the IP as 192.168.1.1 with 192.168.1.2 as gateway.
Should I do any policy? Please help.
PIX ver 7.2

Thanks,
KGP

5 Replies

Nagaraja Thanthry
Cisco Employee

Hello,

Can you please verify that you have nonat rules configured in the firewall?

access-list nonat permit ip any 192.168.1.0 255.255.255.0

nat (inside) 0 access-list nonat

Hope this helps.

Regards,

NT
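A small checker, added here as an illustration and not something posted in the thread, that takes the two nonat lines above together with the pool and inside subnet from the question and verifies that the exemption covers the whole pool and that the pool does not overlap the inside LAN. The PIX config fragment and the addresses are constructed from the thread, not pulled from a live box.

```python
import ipaddress

# Values constructed from the thread: inside LAN behind the PIX and the
# remote-access client pool. The config fragment mirrors the reply above.
INSIDE_LAN = "192.168.2.0/24"
POOL_FIRST, POOL_LAST = "192.168.1.1", "192.168.1.254"
PIX_CONFIG = """
access-list nonat permit ip any 192.168.1.0 255.255.255.0
nat (inside) 0 access-list nonat
"""

def _take(tokens):
    """Consume one ACL address spec ('any', 'host A' or 'A MASK') from tokens."""
    kind = tokens.pop(0)
    if kind == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if kind == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{kind}/{tokens.pop(0)}")

def parse_nonat(config):
    """Return (src, dst) networks of each 'permit ip' entry in the ACL that
    'nat (inside) 0' points at; src is the inside side, dst the remote side."""
    lines = [line.split() for line in config.splitlines() if line.strip()]
    acl = [t[4] for t in lines if t[:4] == ["nat", "(inside)", "0", "access-list"]]
    entries = []
    for t in lines:
        if acl and t[:4] == ["access-list", acl[-1], "permit", "ip"]:
            rest = t[4:]
            entries.append((_take(rest), _take(rest)))
    return entries

def check_vpn_pool(config, inside_lan, pool_first, pool_last):
    """Return the problems found; an empty list means the exemption looks right."""
    lan = ipaddress.ip_network(inside_lan)
    pool = list(ipaddress.summarize_address_range(
        ipaddress.ip_address(pool_first), ipaddress.ip_address(pool_last)))
    problems = []
    # A pool that overlaps the inside LAN cannot be routed by the PIX.
    if any(block.overlaps(lan) for block in pool):
        problems.append(f"VPN pool overlaps inside LAN {lan}")
    # Every pool address must be exempt from NAT when talking to the inside LAN,
    # otherwise replies from the LAN get translated and never reach the client.
    entries = parse_nonat(config)
    for block in pool:
        if not any(s.overlaps(lan) and block.subnet_of(d) for s, d in entries):
            problems.append(f"pool block {block} is not covered by the nonat ACL")
    return problems
```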

Yes, this rule is enabled!

But my question is: the pool is 192.168.1.x for the clients and my LAN falls on 192.168.1.x. From the firewall's perspective, it knows only 192.168.2.x, as that is local.

Once the client connects with the PIX, the client gets the IP 192.168.1.1 with gateway 192.168.1.2.

So do I have to give any security policy stating to permit between the 192.168.1.x pool and the 192.168.2.x local LAN?

If so, how do I give the policy?

Does any routing need to be added?

Hello,

All VPN traffic is treated as internal traffic. So, you do not need any security rules to communicate with internal devices. One thing I am not understanding is the "default gateway" you are getting. Who is the DHCP server for the VPN clients? Which device has the 192.168.1.2 (default gateway) address? Typically, for remote access VPNs, you do not need a default gateway. The traffic hits the firewall automatically and then the firewall will route it. If you have a third-party DHCP server, can you remove the default gateway option and see if that helps?

Regards,

NT

Yes, DHCP is assigned from the PIX to the Windows client, pool 192.168.1.1 to 1.254.

Once the client connects to the PIX, if I check my Windows machine using ipconfig I can see 192.168.1.1 as the machine IP and the gateway as 192.168.1.2.

But my internal LAN of the PIX falls on a different subnet, 192.168.2.x,

so I only doubt how my firewall knows about the pool. Is any route needed? How is the traffic coming from the pool treated: is it inside traffic or outside once the client connects?

Hello,

Can you please try the following commands:

vpn-addr-assign dhcp

no vpn-addr-assign aaa

no vpn-addr-assign local

group-policy attributes

dhcp-network-scope 192.168.1.0

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080a66bc6.shtml

Hope this helps.

Regards,

NT
