I have recently joined a company which did have 8 NT/Novell servers running through a Cisco PIX 515E router/firewall, which was complete overkill for a company of 35 people! It had internal addressing of 192.168.1.x, SN Mask 255.255.255.0. It's now replaced with 1 Windows 2003 SBS Server + the PIX, and internal addressing is now 10.0.0.x, SN Mask 255.255.255.0.
Everything is working well, including Windows-based VPN into the server (PPTP with PIX passthrough?!). I just have one MAJOR issue. Users within the network here do remote support to our products [which contain a Windows PC] on customer sites using PC Anywhere. The ones which are set up to use analog modems work fine, the ones who have assigned a public IP to their system work fine, but we have one client where we connect to their VPN first and then connect via TCP/IP, which will NOT work. The customer has a Cisco VPN (so we're connecting from inside our PIX to their Cisco appliance). The Cisco VPN client connects and is assigned an IP [a 10.116.152.x Subnet Mask 255.255.252.0 address] but then all connectivity is lost to the 10.0.0.x network (but this used to happen!) and I cannot ping any of the valid addresses on the client network.
If I take the PC trying to connect from inside our network to the server room and connect on a non-firewalled port [I agree dangerous, but I needed to diagnose the problem!!] OR connect to the internet using our AT&T dialler, I again connect on the VPN OK, but then can also connect to the client IP addresses. I think I've therefore proved it's the PIX and its failure to route correctly, but I'm kind of struggling after that!! I also tried using a "home office" Linksys router with just basic config and that worked.
I tried assigning a static internal IP and configuring a static NAT rule to redirect that to a static public IP (I have a pool of 14 public addresses and am currently only using one for the PIX router). I'm not too good on the PIX console at defining access lists etc., so I used the PDM to do this... I think I did everything right, but I guess because the IP address assigned to the VPN adapter isn't the same as the one I give the NIC, it still doesn't know how to route the packets... If I type arp -a at the command prompt I just see the MAC address for the PIX...
While my users can use the internet dial-up, it's a waste of money and VERY slow, so they're not going to stick with it for long!
Unfortunately I do not have a copy of the PIX config from before the changeover (or I wouldn't be in this position!!)
The PIX is running v6.3 and does not have enough RAM to upgrade further. Any ideas or suggestions on how I can move forward would be very welcome!! :->