02-28-2007 02:54 PM - edited 03-11-2019 02:39 AM
Outside users connect using VPN client version 4.6.03 to a PIX 515E successfully. They can access our subnet of 172.16.0.0 with no issues. However, when trying to access anything on one of our other networks (VLANs) or point-to-point T1 LANs, they cannot. Our router is a 3845 that is the gateway between these LANs.
I am not sure if this is an issue at our 3845 or our PIX. Any help would be appreciated. Thank you in advance.
02-28-2007 07:21 PM
Can you please make sure that you have the nat configured properly.
Are you doing split tunneling?
If so, make sure your split tunneling ACL does have the networks for the VPN client pool.
Thanks
Gilbert
02-28-2007 04:23 PM
Hi,
If I understand your statement correctly, the 3845 router Ethernet is in the same segment as the inside interface of the PIX firewall, correct?
So, you are trying to access subnets which are behind the 3845 router, correct?
Are you doing split-tunneling for the VPN clients?
For example:
Let's just say you are assigning an IP address range of 192.168.20.x to your VPN clients.
If the internal IP address of the PIX is 172.16.0.1
If there is a network like 10.10.10.x connected to this 3845 router, make sure you have an ip route statement on the router which says
ip route 192.168.20.0 255.255.255.0 172.16.0.1
Let me know how this works out.
Rate this topic, if it helps!
Cheers
Gilbert
02-28-2007 04:42 PM
Correct on your first statement... same segment.
Correct on second question... have sub-interfaces (VLANs) on 3845.
We are doing split-tunneling for our clients.
I do have a static route on the 3845...
ip route 192.168.200.0 255.255.255.0 to inside interface of PIX 172.16.0.1
I can ping devices on those vlans from the pix with no issue...but not from the client.
I am stumped here....thank you very much for helping!
02-28-2007 06:55 PM
Check that your crypto ACL and your no-NAT ACL include these inside subnets, not only your 172.16 network.
02-28-2007 07:23 PM
Sorry "acomiskey" - I did not see your post before posting my answer.
02-28-2007 07:27 PM
no problems :)
03-01-2007 09:01 AM
Adding the subnet I needed to get to in split tunneling worked! Thank you very much for your help! Appreciate everyone's help on this issue.
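
An added example, not part of any post in this thread: a small Python check for the fix confirmed above, listing internal subnets that the split-tunnel and NAT-exemption ACLs do not permit toward the VPN client pool. It assumes PIX 6.x `vpngroup` / `nat 0` syntax; the ACL names, group name, masks and the 10.10.10.0/24 VLAN are constructed.

```python
import ipaddress
import re

# Constructed sample in PIX 6.x syntax (assumed; the thread shows no config).
# Pool 192.168.200.0 and inside 172.16.0.0 come from the thread; the masks,
# ACL/group names and the 10.10.10.0/24 VLAN behind the 3845 are hypothetical.
SAMPLE_CONFIG = """\
access-list split_acl permit ip 172.16.0.0 255.255.0.0 192.168.200.0 255.255.255.0
access-list nonat_acl permit ip 172.16.0.0 255.255.0.0 192.168.200.0 255.255.255.0
access-list nonat_acl permit ip 10.10.10.0 255.255.255.0 192.168.200.0 255.255.255.0
nat (inside) 0 access-list nonat_acl
vpngroup remote_users split-tunnel split_acl
"""

ACE = re.compile(r"^access-list (\S+) permit ip (\S+) (\S+) (\S+) (\S+)$")

def parse_acls(config):
    """Return {acl_name: [(source_net, dest_net), ...]} for 'permit ip' entries."""
    acls = {}
    for line in config.splitlines():
        m = ACE.match(line.strip())
        if not m:
            continue
        name, src, smask, dst, dmask = m.groups()
        try:  # only "network mask" pairs are handled; host/any forms are skipped
            pair = (ipaddress.ip_network(f"{src}/{smask}"),
                    ipaddress.ip_network(f"{dst}/{dmask}"))
        except ValueError:
            continue
        acls.setdefault(name, []).append(pair)
    return acls

def missing_coverage(config, internal_subnets, vpn_pool):
    """List (role, acl, subnet) where traffic subnet -> pool is not permitted."""
    bound = {
        "split-tunnel": re.findall(r"^vpngroup \S+ split-tunnel (\S+)", config, re.M),
        "nat 0": re.findall(r"^nat \(\S+\) 0 access-list (\S+)", config, re.M),
    }
    acls, pool = parse_acls(config), ipaddress.ip_network(vpn_pool)
    gaps = []
    for role, names in bound.items():
        for name in names:
            for subnet in map(ipaddress.ip_network, internal_subnets):
                covered = any(subnet.subnet_of(src) and pool.subnet_of(dst)
                              for src, dst in acls.get(name, []))
                if not covered:
                    gaps.append((role, name, str(subnet)))
    return gaps

if __name__ == "__main__":
    for gap in missing_coverage(SAMPLE_CONFIG, ["172.16.0.0/16", "10.10.10.0/24"], "192.168.200.0/24"):
        print("%s ACL %s does not cover %s" % gap)
```

On the sample, the NAT exemption already covers the VLAN but the split-tunnel ACL does not, which is the state the original poster resolved by adding the subnet.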