Can't access outside local subnet via VPN

dyoo
Level 1

We would like to set up VPN in such a way that remote users can VPN into the network and use their workstations as if they were on the LAN.

Currently, I have set up the VPN IP pools for private addressing. When I establish a VPN connection to our PIX 515, I can access resources within the LAN, but I can't access anything outside of the LAN, most likely because I have used a non-routable IP.

I was hoping that NAT would do the trick to translate the private IP to a spare IP on our subnet. I cannot find a way to do this because the PIX considers VPN traffic as coming in on the outside interface. When I try to access resources outside our LAN, the PIX denies the traffic with a "Deny inbound (no xlate) tcp src outside:192.168.1.1/1053 dst outside:100.100.100.100/137"

How can I set up an outside-outside NAT like this? Or what am I doing wrong here?

1 Reply

skiergaard
Level 1

I don't have the exact config so this may be off target but...

If you're using the Cisco software client, you want to enable split tunneling. This will allow tunnel-bound traffic to use the tunnel but the client's "local net" traffic will not. This works for us with the PIX locked down and VPN tunnels established to a VPN3015 concentrator.
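
A sketch of the split-tunneling suggestion above for the case where the PIX itself terminates the software client, added here as an example and not taken from either poster's configuration. It assumes PIX OS 6.x `vpngroup` syntax; the group, pool and ACL names and the 10.0.0.0/24 inside network are hypothetical, and 192.168.1.0/24 is assumed to be the VPN pool based on the source address in the log message in the question.

```cisco
: Constructed example for PIX OS 6.x; all names and the inside network are hypothetical.
: Address pool handed to VPN clients (range assumed from the log line in the question).
ip local pool vpnpool 192.168.1.1-192.168.1.254

: Traffic the client should send through the tunnel: inside LAN <-> VPN pool.
access-list split_acl permit ip 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0

: Exempt the same traffic from NAT so LAN hosts can reply to pool addresses.
access-list nonat permit ip 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list nonat

: Bind the pool and the split-tunnel ACL to the client group.
vpngroup remoteusers address-pool vpnpool
vpngroup remoteusers split-tunnel split_acl
```

With this in place only traffic matching `split_acl` enters the tunnel; everything else leaves through the client's own Internet connection and never reaches the PIX, so it is not subject to the firewall's filtering or logging.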
