Accessing machines through VPN

albertobrivio
Level 1

Dear ALL,

I've established a VPN link between a PIX515 6.3 and a VPN Client 4.6; the connection comes up without problem.

But now, how can I get access to the machines installed in the inside zone? (For example, using remote desktop.)

I tried with a vpn pool of public address (outside) and private address (inside) but I can't get access to those machines.

Please, what do I have to do to get access?

Regards,
Alberto Brivio


sachinraja
Level 9

hello alberto,

Is the client getting an IP address from the pool? If so, is the IP pool on a different subnet than the inside segment?

In this case, you need to do the following:

1) do a no nat for the traffic from inside to the IP pool.

nat (inside) 0 access-list nonat

access-list nonat permit ip host 192.168.1.1 10.1.1.0 255.255.255.0

where 192.168.1.1 is the server the end users access, and 10.1.1.0/24 is the IP pool

2) if you have an access-list on the inside, allow access between the LAN and the IP pool.

Try these and let us know.

Raj

Dear Raj,

I added an ACL that allows access between the LAN and the IP pool.

Then, from an inside machine I can access the outside machine (the client), but the client can't access any machine (server) in the inside zone.

It seems to be missing the right route: after some pings, an outside hop responds saying the host is not reachable (pinging a VPN pool host, 10.0.0.0 255.255.255.0).

Alberto

Hi Alberto,

It may be useful for you to post the following (taken from your configuration):

any ACLs

any nat statements

any routes

vpn pool

Also, does the machine on the inside zone have a desktop firewall or XP Service Pack 2 installed?

Regards,

Nicôle

Dear Nicôle,

I spent last night looking for possible mistakes, and I found it!

There was an incongruous netmask between the local pool, the ACL preventing IPsec packets from being NATed, and the ACL permitting inside outbound traffic.

Now it's up and running.

Thanks to all of you for the support.

Alberto
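The thread ends on the cause of the failure: the local pool, the `nat (inside) 0` exemption ACL and the inside outbound ACL did not agree on the pool's netmask, so Raj's two steps were in place but did not cover the addresses the client was actually assigned. The script below is an added example, not code from the thread or from Cisco; it checks that agreement offline on a PIX 6.3-style configuration fragment. It assumes the command syntax shown in Raj's reply (`ip local pool NAME low-high`, `access-list NAME permit ip SRC DST`, `nat (inside) 0 access-list NAME`), parses only those lines, and uses a constructed configuration in which the hypothetical inside ACL `inside_out` has a mistyped pool subnet.

```python
import ipaddress
import re

# Constructed PIX 6.3-style fragment (not the thread's real device).  The nonat
# ACL matches the pool, but the inside ACL points at 10.1.0.0/24 instead of
# 10.1.1.0/24: the kind of mismatch the original poster describes.
SAMPLE_CONFIG = """
ip local pool vpnpool 10.1.1.1-10.1.1.254
access-list nonat permit ip host 192.168.1.1 10.1.1.0 255.255.255.0
access-list inside_out permit ip 192.168.1.0 255.255.255.0 10.1.0.0 255.255.255.0
nat (inside) 0 access-list nonat
"""

# Same fragment with the inside ACL corrected to the pool's subnet.
FIXED_CONFIG = SAMPLE_CONFIG.replace("10.1.0.0 255.255.255.0", "10.1.1.0 255.255.255.0")

POOL_RE = re.compile(r"^ip local pool (\S+) (\S+)-(\S+)")
ACL_RE = re.compile(r"^access-list (\S+) permit ip (.+)$")
NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)")


def parse_addr_spec(tokens):
    """Consume one PIX address spec (host X | any | NET MASK) from a token list.
    Returns (network, remaining tokens)."""
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    # strict=False tolerates host bits in NET so a sloppy mask still parses
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False), tokens[2:]


def parse_config(text):
    """Collect pools (name -> (first, last)), ACL permit entries (name -> [(src, dst)])
    and nat 0 bindings (interface -> acl name) from a config fragment."""
    pools, acls, nat0 = {}, {}, {}
    for line in text.splitlines():
        line = line.strip()
        if m := POOL_RE.match(line):
            pools[m.group(1)] = (ipaddress.ip_address(m.group(2)),
                                 ipaddress.ip_address(m.group(3)))
        elif m := ACL_RE.match(line):
            src, rest = parse_addr_spec(m.group(2).split())
            dst, _ = parse_addr_spec(rest)
            acls.setdefault(m.group(1), []).append((src, dst))
        elif m := NAT0_RE.match(line):
            nat0[m.group(1)] = m.group(2)
    return pools, acls, nat0


def pool_covered(pool, entries):
    """True if every address of the pool range lies inside the destination of
    some permit entry (the pool is the destination for inside -> client traffic)."""
    first, last = pool
    return all(
        any(block.subnet_of(dst) for _, dst in entries)
        for block in ipaddress.summarize_address_range(first, last)
    )


def check_vpn_pool(text, inside_acl=None):
    """Return a list of findings; an empty list means pool, nat 0 ACL and the
    optional inside ACL agree on the pool addresses."""
    pools, acls, nat0 = parse_config(text)
    findings = []
    nonat_name = nat0.get("inside")
    if nonat_name is None:
        findings.append("no 'nat (inside) 0 access-list' statement: pool traffic will be NATed")
    elif nonat_name not in acls:
        findings.append(f"nat 0 references ACL '{nonat_name}' which has no permit entries")
    for name, rng in pools.items():
        if nonat_name in acls and not pool_covered(rng, acls[nonat_name]):
            findings.append(f"pool {name} ({rng[0]}-{rng[1]}) not fully covered by nonat ACL '{nonat_name}'")
        if inside_acl is not None:
            if inside_acl not in acls:
                findings.append(f"inside ACL '{inside_acl}' not found")
            elif not pool_covered(rng, acls[inside_acl]):
                findings.append(f"pool {name} ({rng[0]}-{rng[1]}) not fully covered by inside ACL '{inside_acl}'")
    return findings


if __name__ == "__main__":
    for label, cfg in (("sample", SAMPLE_CONFIG), ("fixed", FIXED_CONFIG)):
        print(label, check_vpn_pool(cfg, inside_acl="inside_out") or ["OK"])
```

The check is deliberately conservative: a pool counts as covered only when each contiguous block of its range sits inside a single permit entry's destination, so a pool split across two entries with a gap between them is reported rather than silently passed. Running it on the sample flags only `inside_out`; on the corrected fragment it returns no findings.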