Cisco Support Community
Community Member

connectivity issue - LAN on Windows domain to remote PIX 501 into domain 2

Previous configuration was standalone ws running Cisco VPN Client version 4.6 and Windows Remote Desktop over internet to PIX 501 into Windows domain 1 running Terminal Server. New configuration is same software on LAN workstations connected to nic 1 on Windows Server (Domain Controller - domain 2) and then out on nic 2 - internet - Pix 501 - Windows Domain 1.

Trying to use Routing and Remote Access on Domain 2 with NAT/Basic Firewall - can establish authentication with PIX 501 but cannot connect to console session on Domain 1. Remote Desktop connection attempt times out.

Have normal browser connectivity from LAN over Routing and Remote access and can connect from Domain 2 LAN to remote mail servers which are not associated with domain 1 and the PIX 501.

Any guidance and suggestions would be appreciated.

Addressing scheme on Domain 2: NIC 1 with LAN is - NIC 2 with Basic Firewall is

Addressing scheme on Domain 1 is unchanged from previously operational configuration which still operates correctly with standalone ws over internet to PIX 501.

Thank you! Ron Ridge


Re: connectivity issue - LAN on Windows domain to remote PIX 501

several things need to be verified.

whether the address schemes are overlapping for domain 1, domain 2, and the vpn client pool.

assuming the domain 2 server is performing pat, whether the command "isakmp nat-traversal 20" has been applied on the pix.

providing there is an inbound acl on the domain 2 server, is esp current being permitted?

Community Member

Re: connectivity issue - LAN on Windows domain to remote PIX 501

Domain 1: 192.168.1.x

Domain 2: Internet side - NIC1 192.168.100.x

Jackko, thank you for your response!

Address schemes:

Lan side - NIC2 192.168.16.x

PIX vpn client pool 192.168.5.x

Domain 1 and PIX unchanged from previous configuration.

Is there a document that describes the requirements that you are referring to for the PIX and for the Routing and Remote Access server?

CreatePlease to create content