Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
885
Views
0
Helpful
3
Replies

PPTP VPN for two VLANs

Jan Rolny
Level 3
Level 3

‎09-13-2010 07:22 AM

Hello,

i have little problem with configuring of client-to-site PPTP VPN on my PIX 501 for two VLANs together.

Now I have configured PPTP VPN for VLAN1 (192.168.8.x) and it works properly. I can dial VPN, IP address is assigned for client and client can access to servers and machines in 192.168.8.x network.

What i would like to configure (but i dont know if it is possible) is that via same PPTP VPN I will be able to access to both internal networks 192.168.8.x and also to 192.168.10.x (please se picture).

Could you please help me?

Thank you very much.

Jan.

Labels:
Preview file
18 KB
0 Helpful
3 Replies 3

Federico Coto Fajardo
VIP Alumni
VIP Alumni

‎09-13-2010 08:19 AM

I think you just need to make sure the routing is properly.

i.e

You can access from the PPTP clients VLAN1 (this is because the packets can get from the PIX to VLAN1 and back to the PIX when replying to the clients.

Same cocept applies to the other VLAN.    

I imagine there's communication already between the PIX and VLAN10 correct?

Federico.

0 Helpful

Jan Rolny
Level 3
Level 3
In response to Federico Coto Fajardo

‎09-13-2010 11:17 AM

Hi Federico,

thaks fo reply :-)

I can reach VLAN1 via PPTP vpn becaus it resides on same subnet I think (PIX inside interface is 192.168.8.1 and VLAN1 machines are on same subnet)

Also PPTP client gets 192.168.8.x IP address. So it will be reason why thgere is no problem with VLAN1.

Question is where I should setup roueting if it is solution. On PIX or on L3 Switch? I tried to add new network (192.168.10.x) to PIX but it doesnot work.

I am not sure if it can be done. I think that there will be router needed.

Jan

0 Helpful

Jan Rolny
Level 3
Level 3
In response to Federico Coto Fajardo

‎09-13-2010 11:36 AM

Federico I solved my problem :-)

Whole problem was in configuration of default GW on client site. I have default gateway option in MS client checked out so I can connect to VPN and also browse internet BUT I cannot reach VLAN10 via VPN. Its because it is routed to my local LAN not to VPN (thanks different GW)

So I checked option "use default GW on remote network" on client side and now it work properly. BUT I cannot reach internet for moment when I have VPN established of course.

Jan.

0 Helpful
Customers Also Viewed These Support Documents