HELP!!! VPN config.

dpelea · ‎01-14-2002

Hello Experts!

Can somebody help me on VPN Pre shared configuration for my pix 515. The problem occurs once the user was able to connect using VPN accounts. He wasn't able to ping neither can connect to any machine that resides on my private network.

My configuration goes something like this, please tell me if I miss something.

Access-list 101 permit ip 1.0.0.0 255.0.0.0 30.0.0.0 255.0.0.0

ip local pool mypool 30.0.0.0-30.0.0.255

nat (inside) 0 access-list 129

sysopt connection permit ip-sec

no sysopt dnat

crypto ipsec transform-set myset esp-des esp-md5-hmac

crypto dynamic-map dynmap 10 set transform-set myset

crypto map mymap 999 ipsec-isakmp dynamic dynmap

crypto map mymap interface outside

isakmp enable outside

isakmp identity address

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

vpngroup vpnuser address-pool mypool

vpngroup vpnuser dns-server Exchange DNS1

vpngroup vpnuser default-domain mydomain.com

vpngroup vpnuser idle-time 1800

vpngroup vpnuser password ********

ssvrao · ‎01-15-2002

Hi,

can he ping any ip address in the private network? if you can not ping any machine, add a default route to the client with matric 2,

regards,

raul

ssvrao · ‎01-15-2002

continued....

the default gateway you add should be the inside ip address of the PIX..

regards,

Raul