Cisco Support Community
New Member

PIX515E VPN Client cannot communicate with internal vlans

Outside users connect using VPN Client ver. 4.6.03 to a PIX515E successfully. They can access our subnet of 172.16.0.0 with no issues. However, when trying to access anything on one of our other networks (VLANs) or point-to-point T1 LANs, they cannot. Our router is a 3845 that is the gateway between these LANs.

I am not sure if this is an issue at our 3845 or our PIX. Any help would be appreciated. Thank you in advance.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: PIX515E VPN Client cannot communicate with internal vlans

Can you please make sure that you have the NAT configured properly?

Are you doing split tunneling?

If so, make sure your split tunneling ACL does have the networks for the VPN client pool.

Thanks

Gilbert

7 REPLIES
Cisco Employee

Re: PIX515E VPN Client cannot communicate with internal vlans

Hi,

If I understand your statement correctly, the 3845 router Ethernet is in the same segment as the inside interface of the PIX firewall, correct?

So, you are trying to access subnets which are behind the 3845 router, correct?

Are you doing split-tunneling for the VPN clients?

For example:

Let's just say you are assigning an IP address range of 192.168.20.x to your VPN clients.

If the internal IP address of the PIX is 172.16.0.1

If there is a network like 10.10.10.x connected to this 3845 router, make sure you have an ip route statement on the router which says

ip route 192.168.20.0 255.255.255.0 172.16.0.1

Let me know how this works out.

Rate this topic, if it helps!

Cheers

Gilbert

New Member

Re: PIX515E VPN Client cannot communicate with internal vlans

Correct on your first statement... same segment.

Correct on second question... we have subinterfaces (VLANs) on the 3845.

We are doing split-tunneling for our clients.

I do have a static route on the 3845...

ip route 192.168.200.0 255.255.255.0 to inside interface of PIX 172.16.0.1

I can ping devices on those VLANs from the PIX with no issue... but not from the client.

I am stumped here... thank you very much for helping!

Green

Re: PIX515E VPN Client cannot communicate with internal vlans

Check that your crypto ACL and your no-NAT ACL include these inside subnets, not only your 172.16 network.

Cisco Employee

Re: PIX515E VPN Client cannot communicate with internal vlans

Sorry "acomiskey" - I did not see your post before posting my answer.

Green

Re: PIX515E VPN Client cannot communicate with internal vlans

no problems :)

New Member

Re: PIX515E VPN Client cannot communicate with internal vlans

Adding the subnet I needed to get to in split tunneling worked! Thank you very much for your help! Appreciate everyone's help on this issue.
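The check the replies converge on, written as an added example that is not part of any post in this thread: given the inside subnets and the VPN client pool, report which subnets the split-tunnel ACL and the NAT-exemption ACL fail to cover. Assumptions: PIX 6.x-style syntax, the ACL names `split` and `nonat`, the group name `remote`, a /16 mask on 172.16.0.0, and 10.10.10.0/24 standing in for a VLAN behind the 3845.

```python
import ipaddress
import re

# Constructed sample config (assumed PIX 6.x-style syntax), not taken from the thread.
# ACL names "split"/"nonat" and group name "remote" are hypothetical.
SAMPLE_CONFIG = """\
access-list split permit ip 172.16.0.0 255.255.0.0 192.168.200.0 255.255.255.0
access-list nonat permit ip 172.16.0.0 255.255.0.0 192.168.200.0 255.255.255.0
access-list nonat permit ip 10.10.10.0 255.255.255.0 192.168.200.0 255.255.255.0
nat (inside) 0 access-list nonat
vpngroup remote split-tunnel split
"""
INTERNAL = [ipaddress.ip_network("172.16.0.0/16"),   # mask is an assumption
            ipaddress.ip_network("10.10.10.0/24")]   # VLAN behind the router (assumed)
POOL = ipaddress.ip_network("192.168.200.0/24")      # VPN client pool from the thread

# Only handles "permit ip <net> <mask> <net> <mask>" entries (no "host" or "any").
ACL_RE = re.compile(r"^access-list (\S+) permit ip (\S+) (\S+) (\S+) (\S+)$")

def acl_sources(config, acl_name, pool):
    """Return the source networks that acl_name permits toward the VPN pool."""
    nets = []
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if not m or m.group(1) != acl_name:
            continue
        src = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}")
        dst = ipaddress.ip_network(f"{m.group(4)}/{m.group(5)}")
        if pool.subnet_of(dst):          # entry must actually cover the client pool
            nets.append(src)
    return nets

def missing_subnets(config, acl_name, internal, pool):
    """Internal subnets not covered by any entry of acl_name toward the pool."""
    covered = acl_sources(config, acl_name, pool)
    return [n for n in internal if not any(n.subnet_of(c) for c in covered)]

def audit(config, internal, pool):
    """Find the ACLs bound to split tunneling and nat 0, and list what each omits."""
    roles = {
        "split-tunnel": re.search(r"^vpngroup \S+ split-tunnel (\S+)", config, re.M),
        "nat0": re.search(r"^nat \(inside\) 0 access-list (\S+)", config, re.M),
    }
    return {role: missing_subnets(config, m.group(1), internal, pool)
            for role, m in roles.items() if m}

if __name__ == "__main__":
    for role, gaps in audit(SAMPLE_CONFIG, INTERNAL, POOL).items():
        print(role, "missing:", [str(n) for n in gaps] or "none")
```

On the sample, the NAT exemption already covers both subnets while the split-tunnel ACL omits 10.10.10.0/24, which is the gap the original poster closed.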
