Cisco Support Community
Community Member

Can't access outside local subnet via VPN

We would like to set up VPN in such a way that remote users can VPN into the network and use their workstations as if they were on the LAN.

Currently, I have set up the VPN IP pools for private addressing. When I establish a VPN connection to our PIX 515, I can access resources within the LAN, but I cannot access anything outside of the LAN, most likely because I have used a non-routable IP.

I was hoping that NAT would do the trick to translate the private IP to a spare IP on our subnet. I cannot find a way to do this because the PIX considers VPN traffic as coming in on the outside interface. When I try to access resources outside our LAN, the PIX denies the traffic with a "Deny inbound (no xlate) tcp src outside: dst outside:"

How can I set up an outside-outside NAT like this? Or what am I doing wrong here?

Community Member

Re: Can't access outside local subnet via VPN

I don't have the exact config, so this may be off target, but...

If you're using the Cisco software client, you want to enable split tunneling. This will allow tunnel-bound traffic to use the tunnel, but the client's "local net" traffic will not. This works for us with the PIX locked down and VPN tunnels established to a VPN3015 concentrator.
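
What the split tunneling suggested in the reply above could look like on a PIX, as an added example that is not from either poster. It assumes PIX 6.x `vpngroup` syntax (the thread does not state the software version); the group, pool and ACL names and all addresses are constructed placeholders.

```cisco
! Assumed: inside LAN 10.1.1.0/24, VPN client pool 192.168.50.0/24 (placeholders)
ip local pool vpnpool 192.168.50.1-192.168.50.254

! Traffic between the inside LAN and the VPN pool: this is what gets tunneled
access-list split_acl permit ip 10.1.1.0 255.255.255.0 192.168.50.0 255.255.255.0

! Do not NAT LAN-to-client traffic
nat (inside) 0 access-list split_acl

! Assign the pool to the client group and enable split tunneling with that ACL
vpngroup remote_users address-pool vpnpool
vpngroup remote_users split-tunnel split_acl
```

With this in place the client encrypts only traffic for the network named in the ACL; everything else leaves through the client's own Internet connection and is not inspected or filtered by the PIX.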
