Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
243
Views
0
Helpful
2
Replies

connectivity issue - LAN on Windows domain to remote PIX 501 into domain 2

RidgeRunner.007
Level 1
Level 1

‎11-12-2005 11:01 AM - edited ‎02-21-2020 12:31 AM

Previous configuration was standalone ws running Cisco VPN Client version 4.6 and Windows Remote Desktop over internet to PIX 501 into Windows domain 1 running Terminal Server. New configuration is same software on LAN workstations connected to nic 1 on Windows Server (Domain Controller - domain 2) and then out on nic 2 - internet - Pix 501 - Windows Domain 1.

Trying to use Routing and Remote Access on Domain 2 with NAT/Basic Firewall - can establish authentication with PIX 501 but cannot connect to console session on Domain 1. Remote Desktop connection attempt times out.

Have normal browser connectivity from LAN over Routing and Remote access and can connect from Domain 2 LAN to remote mail servers which are not associated with domain 1 and the PIX 501.

Any guidance and suggestions would be appreciated.

Addressing scheme on Domain 2: NIC 1 with LAN is 192.168.16.16 - NIC 2 with Basic Firewall is 192.168.100.100

Addressing scheme on Domain 1 is unchanged from previously operational configuration which still operates correctly with standalone ws over internet to PIX 501.

Thank you! Ron Ridge

0 Helpful
2 Replies 2

jackko
Level 7
Level 7

‎11-12-2005 03:27 PM

several things need to be verified.

whether the address schemes are overlapping for domain 1, domain 2, and the vpn client pool.

assuming the domain 2 server is performing pat, whether the command "isakmp nat-traversal 20" has been applied on the pix.

providing there is an inbound acl on the domain 2 server, is esp current being permitted?

0 Helpful

RidgeRunner.007
Level 1
Level 1
In response to jackko

‎11-12-2005 03:50 PM

Domain 1: 192.168.1.x

Domain 2: Internet side - NIC1 192.168.100.x

Jackko, thank you for your response!

Address schemes:

Lan side - NIC2 192.168.16.x

PIX vpn client pool 192.168.5.x

Domain 1 and PIX unchanged from previous configuration.

Is there a document that describes the requirements that you are referring to for the PIX and for the Routing and Remote Access server?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card