PIX 515 Config? "ip local pool" / Can't browse network question
I am using a PIX 515 with Cisco VPN Client Ver 3.5.2. Clients are Win XP and servers are Win2K. I can create a VPN connection and authenticate through our RADIUS server but can't browse the network... (I know there are tons of threads on this board with the same question.) I have correct WINS and DNS entries in the vpngroup command, and they are passed to the client. I can ping any machines on my internal network by IP and name but can't access them by \\hostname\share or \\ip address. I am confused by the ip local pool being made up of addresses in a different subnet (example: internal network 192.168.100.0, ip local pool 192.168.101.0). Why would I want my VPN clients to have an address from a different network?
Having a pool on a different network is completely normal, and seems to be unrelated to the issue that you are facing (and IP connectivity is already there).
The reason you are not able to map a network drive and/or browse the network via "My Network Places" could be based on the fact that your share point may be part of an MS domain. In that case, you would need to log on to the domain first to access those shares or browse the network. Make sure that your W2K machines are added to the domain beforehand, and also that your W2K machines are not causing any browser election process on the PIX internal network upon VPN connection (you can do it by disabling the potential browser role).
Try using the "Start Before Logon" feature from W2K machines for logging on to the domain.
I see... I was under the impression that the IAS service (RADIUS server) was providing the domain logon. I have been working with the "Start Before Logon" feature but I get a sockets error... probably due to the fact that I am testing on a dial-up and the connection can't be established until after logon. I also turned off the Computer Browser service to disable the potential browser role but so far it has not helped. One strange thing: after I establish the VPN connection, the VPN client is given an IP from my "ip local pool". When I query my WINS and DNS databases, they show entries with the last DHCP address that the client received and not the "ip local pool" address. That would account for my internal clients not being able to ping or connect to the VPN clients. Is the "ip local pool" address supposed to be updated in WINS and DNS?