Solved: PIX 506E VPN caan connect, but no LAN

booksvalue · ‎04-17-2008

Heelo, We have a 506E with 6.3(3). we want to use Cisco VPN clinet to connect and can do so, but cannot ping on the LAN or connect to the servers...Need help wih the configurations as we are novices perhaps..Can someone look at the attached config. and see if we overlooked something...Thanks

acomiskey · ‎04-17-2008

Change your pool to something outside of 192.168.2.0/24.

ip local pool vpnpool 192.168.x.60-192.168.x.63

Then add a nat exemption acl for this network.

access-list nonat permit ip 192.168.2.0 255.255.255.0 192.168.x.0 255.255.255.0

nat (inside) 0 access-list nonat

Then, also change your split tunnel acl to reflect the new pool

access-list SplitTunnel permit ip 192.168.2.0 255.255.255.0 192.168.x.0 255.255.255.0

View solution in original post

acomiskey · ‎04-17-2008