Cisco Support Community

New Member

VPN Client to PIX 7.2

I am new to PIX and I would like to set up a connection so I can connect to the PIX over the internet. I have the client software. What basic configuration can I use on the PIX to make this work?

8 REPLIES
Cisco Employee

Re: VPN Client to PIX 7.2

Hi,

Try the following document :

http://www.cisco.com/en/US/customer/products/ps6120/products_configuration_example09186a008060f25c.shtml

HTH,

Please rate the post if it helps,

Regards,

Kamal

New Member

Re: VPN Client to PIX 7.2

I was able to set up the client vpn connection but once I have a connection I am not able to connect to any devices on the inside network. The client also gets a default gateway which is the same as the ip address. Is this normal? I am only able to ping the inside interface of the PIX but no other devices in the network. Any help would be greatly appreciated.

Thanks,

L

Cisco Employee

Re: VPN Client to PIX 7.2

Hi,

Enable "isakmp nat-t" on the PIX.

Hope this helps !!

-Kanishka

New Member

Re: VPN Client to PIX 7.2

Hi Kanishka,

I tried this command but it did not help. The host uses its own IP address as the default gateway. Is this normal? How can I change this?

Thanks,

Cisco Employee

Re: VPN Client to PIX 7.2

If you do not have split tunneling enabled, the client will always have the pool IP as the default gateway. It's normal.

I would like to check the NAT rules on the PIX, if you can post them.

-Kanishka

New Member

Re: VPN Client to PIX 7.2

The inside network is 1.1.1.0/24. Below are the ACLs and NAT rules.

ip local pool remotevpn 1.1.1.245-1.1.1.246 mask 255.255.255.252

access-list INSIDE_nat0_outbound extended permit ip any 1.1.1.244 255.255.255.252

global (OUTSIDE) 1 interface

nat (INSIDE) 0 access-list INSIDE_nat0_outbound

nat (INSIDE) 1 1.1.1.0 255.255.255.0

access-list OUTSIDE extended permit ip any any

access-list INSIDE_access_in extended permit ip any any

access-list OUTSIDE_access_in extended permit ip any any

access-group INSIDE_access_in in interface INSIDE

access-group OUTSIDE_access_in in interface OUTSIDE

access-group OUTSIDE out interface OUTSIDE

crypto isakmp nat-traversal 20

Thanks,

L

Cisco Employee

Re: VPN Client to PIX 7.2

Hi,

It's not recommended to have a pool in the same subnet as the inside network, as it will lead to routing issues.

Change the pool to any other subnet and also make the corresponding changes in the NAT 0 ACL.

Let me know if this helps.

-Kanishka
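
An offline check for the two things this thread turns on, added here as an example (not code from the posters or from Cisco): whether the VPN address pool falls inside a network named on a `nat` line, and whether the pool is covered by the NAT 0 ACL. It assumes the simplified line forms seen in the posted configuration; the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the relevant lines from the configuration posted in the thread.
SAMPLE_CONFIG = """\
ip local pool remotevpn 1.1.1.245-1.1.1.246 mask 255.255.255.252
access-list INSIDE_nat0_outbound extended permit ip any 1.1.1.244 255.255.255.252
nat (INSIDE) 0 access-list INSIDE_nat0_outbound
nat (INSIDE) 1 1.1.1.0 255.255.255.0
"""

def parse(config):
    """Collect VPN pools, translated networks, NAT 0 ACL names and ACL destinations."""
    pools, nat_nets, nat0_acls, acl_dests = {}, [], set(), {}
    for line in config.splitlines():
        t = line.split()
        if t[:3] == ["ip", "local", "pool"] and len(t) >= 5:
            first, _, last = t[4].partition("-")
            pools[t[3]] = (ipaddress.ip_address(first), ipaddress.ip_address(last or first))
        elif t[:1] == ["nat"] and len(t) >= 5:
            if t[3] == "access-list":
                if t[2] == "0":  # NAT exemption bound to an ACL
                    nat0_acls.add(t[4])
            elif t[2] != "0":  # assumption: nat <id> <net> <mask> names an inside network
                nat_nets.append(ipaddress.ip_network(f"{t[3]}/{t[4]}", strict=False))
        elif t[:1] == ["access-list"] and len(t) == 8 and t[2:6] == ["extended", "permit", "ip", "any"]:
            # Only the "permit ip any <net> <mask>" form used in the thread is handled.
            net = ipaddress.ip_network(f"{t[6]}/{t[7]}", strict=False)
            acl_dests.setdefault(t[1], []).append(net)
    return pools, nat_nets, nat0_acls, acl_dests

def check(config):
    """Return findings for pool/inside overlap and missing NAT 0 coverage."""
    pools, nat_nets, nat0_acls, acl_dests = parse(config)
    exempt = [n for acl in nat0_acls for n in acl_dests.get(acl, [])]
    findings = []
    for name, (first, last) in pools.items():
        for net in nat_nets:
            if first in net or last in net:
                findings.append(f"pool {name} overlaps inside network {net}")
        if not any(first in n and last in n for n in exempt):
            findings.append(f"pool {name} is not covered by a nat 0 ACL")
    return findings

if __name__ == "__main__":
    for finding in check(SAMPLE_CONFIG):
        print(finding)
```

Run against the posted lines it reports the overlap with 1.1.1.0/24; after moving the pool to another subnet it reports missing NAT 0 coverage until the ACL is changed to match, which is the second half of the advice above.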
