Cisco Support Community
Community Member

Help with PIX vpn question?

Hello, we have both the Cisco 3DES VPN set up for use with the Cisco Secure client and we have PPTP set up on our PIX firewall. The problem I am running into is that we need to be able to fully access our DMZ after tunneling in. We have gotten it so that when we tunnel in with the Cisco client we are able to telnet to devices in the DMZ, however we cannot map drives. With the PPTP client I am unable to do either. I have duplicated the access lists we have in place for the IP pool that the Cisco clients get with the pool of IPs that the PPTP clients get... however that didn't help. I think I am missing something pretty simple involved with a conduit, however I'm not sure.

Any suggestions would be appreciated!


Community Member

Re: Help with PIX vpn question?

This sounds more like an OS (i.e. NT) permission problem. Since you can telnet to the devices on the DMZ, this indicates that the network is intact. Since you can't access the network resources, i.e. map drives, this indicates that you're not logged on to that particular domain or the domain that the devices on the DMZ reside on does not trust your domain.

Which OS are the servers on the DMZ running?

Are the servers on the DMZ on a separate domain from that of the inside interface? If so, is there a trust relationship between them?

Let me know what you think.

Community Member

Re: Help with PIX vpn question?

I think I worded my question poorly :) - with the Cisco VPN client we are able to telnet etc., with the PPTP client we were denied totally. I had figured it was a standard access-list problem, and it turns out it was! I didn't realize that if you name something in your config, everything is case sensitive. Thus when I put the access list in that I figured would work, it didn't... I fixed that and voilà, access!

Thanks for the response!
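
The case-sensitivity pitfall that resolved this thread can be caught by linting a saved configuration. The following is an added example, not part of the original thread: it flags statements that reference an access-list name which is defined only under a different capitalization. The sample configuration, its names and its addresses are constructed, and the function name `find_case_mismatches` is hypothetical; only the `access-list`, `access-group`, `nat ... access-list` and `crypto map ... match address` statement forms are assumed.

```python
import re
from collections import defaultdict

# Constructed sample in PIX-style syntax; names and addresses are made up.
SAMPLE_CONFIG = """\
ip local pool pptp-pool 192.168.50.1-192.168.50.50
access-list NoNat permit ip 10.1.1.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list dmz_in permit tcp any host 10.2.2.10 eq 139
nat (inside) 0 access-list nonat
access-group dmz_in in interface dmz
"""

# A line that defines an entry in a named access list.
DEFINE = re.compile(r"^access-list\s+(\S+)\s+(?:permit|deny)\b")

# Lines that refer to an access list by name.
REFERENCES = [
    re.compile(r"^access-group\s+(\S+)\s+in\s+interface\b"),
    re.compile(r"^nat\s+\(\S+\)\s+\d+\s+access-list\s+(\S+)"),
    re.compile(r"^crypto\s+map\s+\S+\s+\d+\s+match\s+address\s+(\S+)"),
]


def find_case_mismatches(config):
    """Return (line number, referenced name, defined spellings) for each
    reference whose name matches a defined ACL only when case is ignored."""
    defined = defaultdict(set)  # lowercased name -> spellings actually defined
    refs = []                   # (line number, name as referenced)
    for lineno, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        m = DEFINE.match(line)
        if m:
            defined[m.group(1).lower()].add(m.group(1))
            continue
        for pattern in REFERENCES:
            m = pattern.match(line)
            if m:
                refs.append((lineno, m.group(1)))
                break
    findings = []
    for lineno, name in refs:
        spellings = defined.get(name.lower(), set())
        if spellings and name not in spellings:
            findings.append((lineno, name, sorted(spellings)))
    return findings


if __name__ == "__main__":
    for lineno, name, spellings in find_case_mismatches(SAMPLE_CONFIG):
        print(f"line {lineno}: '{name}' is referenced, but only {spellings} is defined")
```
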
