I have setup a remote vpn on PIX 506 e with aaa-server radius. I am able to connect via AD users.
But When I connect to remote network my local lan and internet runs properly but I can not access remote lan.
PIX 506e 6.3
access-list outside_20_cryptomap permit ip 192.168.1.0 255.255.255.0 192.168.5.0
access-list mcstunnel permit ip 192.168.1.0 255.255.255.0 192.168.5.0 255.255.25
ip local pool mobile1 192.168.5.1-192.168.5.255
aaa-server RADIUS protocol radius
aaa-server partnerauth protocol radius
aaa-server partnerauth (inside) host 192.168.1.10 cisco123 timeout 5
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-3DES-SHA esp-des esp-md5-hmac
crypto dynamic-map outside_map 10 set transform-set ESP-3DES-SHA
crypto map outside_map 10 ipsec-isakmp dynamic outside_map
crypto map outside_map client authentication partnerauth
crypto map outside_map interface outside
isakmp enable outside
isakmp identity address
isakmp policy 11 authentication pre-share
isakmp policy 11 encryption des
isakmp policy 11 hash md5
isakmp policy 11 group 2
isakmp policy 11 lifetime 86400
vpngroup mcsvpn address-pool mobile1
vpngroup mcsvpn dns-server 192.168.1.10
vpngroup mcsvpn wins-server 192.168.1.10
vpngroup mcsvpn default-domain myf.com
vpngroup mcsvpn idle-time 1800
vpngroup mcsvpn password 12345
When you say, you can't access remote LAN, you mean you can't access 192.168.1.0/24 network (behind the PIX), right?
Can you share your NAT exemption configuration?
You would need to have the following:
access-list nonat permit ip 192.168.1.0 255.255.255.0 192.168.5.0 255.255.255.0
nat (inside) 0 access-list nonat
If you already have those, please kindly share the config to see what could be the issue.
Hope that helps.