Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX 515 Config? "ip local pool" /Cant browse network question

I am using a pix 515 with Cisco VPN Client Ver 3.5.2. Clients are win xp and servers are winy2k. I can create a VPN connection and authenticate through our radius server but cant browse the network........(i know there are tons of threads on this board with the same question) I have correct wins,and dns entries in the vpngroup command, and they are passed to the client. I can ping any machines on my internal network by ip and name but cant access them by \\hostname\share or \\ip address. I am confused by the ip local pool being made up of addresses in a different subnet (example internal network ip local pool Why would i want my vpn clients to have a address from a different network?


Re: PIX 515 Config? "ip local pool" /Cant browse network questio


Having a pool on a different network is completely normal, and seems to be unrelated to the issue that you are facing (and IP connectivity is already there).

The reason you are not able to map network drive and/or browse the network via "My network places" could be based on the fact that your share point may be part of a MS domain, in that case, you would need to logon to the domain first to access those shares or browse the network, make sure that your W2K machines are added to the domain beforehand, and also that your W2K machines are not causing any Browser election process on the PIX internal network upon VPN connection(u can do it by disabling potential browser role).

Try using the "Start Before Logon" feauture from W2K machines for logging on to the domain.



New Member

Re: PIX 515 Config? "ip local pool" /Cant browse network questio

I see.....I was under the impression that the IAS service (Radius Server) was providing the domain logon. I have been working with the "Start Before Logon" feature but i get a sockets error......probably due to the fact that I am testing on a dial-up and the connection cant be established until after logon. I also turned off the computer browser service to disable the potential browser role but so far it has not helped..............One strange thing..........after I establish the vpn connection, the vpn client is given a ip from my "ip local pool". When I query my wins and dns databases, they show entries with the last dhcp address that the client received and not the "ip local pool" address........that would account for my internal clients not being able to ping or connect to the vpn the "ip local pool" address supposed to be updated in wins and dns?