07-09-2002 10:42 AM - edited 03-10-2019 01:24 PM
Hello,
I have a vpn server configured on the pix501 using ipsec. I can vpn without any problem through the pix501 and access resources on my win2000 server which is behind the firewall.
When I am connected through the vpn, I can ping any computers, printers and tcp/ip devices on the local area network, ie: 192.168.3.x.
The only problem is pinging a SCO-UNIX on my LAN, ie: 192.168.3.50.
I get reply timeout from the ping. What gives?
I am assuming the SCO-UNIX box cannot handle encrypted tunneling traffic through the vpn services.
What do you think?
travis,
07-09-2002 03:13 PM
PIX will handle the encryption and decryption, so it is clear traffic that reaches your SCO-UNIX box.
It is normally a routing issue.
Please check the routing in that SCO-UNIX box.
Does that SCO-UNIX box's default gateway point to your PIX inside interface?
If not, if you assign the VPN pool 192.168.1.x, you need to add a static route for that pool in the SCO-UNIX box.
Best Regards,
07-09-2002 09:18 PM
I don't believe the default gateway on sco-unix is pointing to the inside pix int. I'll check.
Everyone else running PCs (98, xp, 2000) can ping the sco-unix except the vpn-connected pc.
The sco-unix box is on the same subnet (ie: 192.168.3.x) as the rest of the LAN.
thanks,
travis,
07-10-2002 02:20 AM
In the same subnet 192.168.3.x, all hosts use broadcasting to find each other.
This is the reason why there are no routing issues there.
But the VPN clients are in a different subnet; they need return routes to make it work.
I think the default gateway of all your other PCs (98, xp, 2000) is the PIX inside interface, but the Sco-unix's is not. Adding a return route in the Unix box will do.
Best Regards,
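The return-path reasoning in the answer above, modeled as a longest-prefix-match lookup over each host's routing table (an added example, not part of the original thread). The PIX inside address 192.168.3.1, the other gateway 192.168.3.254, the /24 masks and the routing tables are constructed assumptions; only the 192.168.3.x LAN and the 192.168.1.x pool come from the posts.

```python
import ipaddress

PIX_INSIDE = "192.168.3.1"    # assumed PIX inside interface address
OTHER_GW = "192.168.3.254"    # assumed: some other router used as default gateway
VPN_POOL = "192.168.1.0/24"   # pool from the thread, /24 mask assumed

def next_hop(routes, dst):
    """Longest-prefix match over (prefix, gateway) pairs.
    Returns the gateway, "on-link" for a directly connected subnet,
    or None when no route matches."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    if best is None:
        return None
    return best[1] or "on-link"

def reply_reaches_client(routes, client_ip, pix_inside=PIX_INSIDE):
    """True if an echo reply from this host gets back to client_ip.
    LAN peers are answered directly; a VPN client's reply must be handed
    to the PIX inside interface so it can go back into the tunnel."""
    hop = next_hop(routes, client_ip)
    if hop == "on-link":
        return True
    return hop == pix_inside

# Constructed routing tables (gateway None = directly connected subnet).
pc_routes = [("192.168.3.0/24", None), ("0.0.0.0/0", PIX_INSIDE)]
sco_routes = [("192.168.3.0/24", None), ("0.0.0.0/0", OTHER_GW)]
# Same SCO table after adding the static return route for the VPN pool.
sco_fixed = sco_routes + [(VPN_POOL, PIX_INSIDE)]

def diagnose(vpn_client="192.168.1.10", lan_pc="192.168.3.20"):
    """Summarize which hosts can answer the VPN client and the LAN PC."""
    tables = {"pc": pc_routes, "sco": sco_routes, "sco_fixed": sco_fixed}
    return {name: {"vpn_client": reply_reaches_client(t, vpn_client),
                   "lan_pc": reply_reaches_client(t, lan_pc)}
            for name, t in tables.items()}

if __name__ == "__main__":
    for host, result in diagnose().items():
        print(host, result)
```

The static route is more specific than the default route, so it only changes where replies to the VPN pool go; all other off-subnet traffic from the host still uses its existing default gateway.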
07-11-2002 11:07 AM
That makes a lot of sense. Thank you for your help.
Travis,