10-24-2003 05:15 AM - edited 02-21-2020 12:50 PM
I have set up a VPN client to terminate at the PIX with vpngroup and it connects successfully, but I cannot reach anything on the network I connect to.
Yet I can reach the client (ping, pcAnywhere) from my desktop within the network after the client connects.
If anyone has an idea why I cannot access anything on the network from the client I can post my PIX configuration and see what I'm missing. Thanks.
10-24-2003 05:34 AM
Please post your config.
10-24-2003 07:20 AM
Here is my config. I removed some of the stuff that is on all the PIX's.
:
PIX Version
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 intf2 security10
enable password xxxxx
passwd xxxxxx
hostname *****
domain-name *****
names
access-list Cisco_VPN permit ip host x.x.37.146 192.168.10.0 255.255.255.0
pager lines 24
logging on
logging trap informational
logging host inside 192.168.10.24
logging host inside 192.168.10.68
interface ethernet0 10baset
interface ethernet1 10full
interface ethernet2 auto shutdown
icmp deny any echo-reply outside
icmp permit any unreachable outside
mtu outside 1500
mtu inside 1500
mtu intf2 1500
ip address outside x.x.x.146 255.255.255.255
ip address inside 192.168.10.90 255.255.255.0
ip address intf2 x.x.x.1 255.255.255.255
ip audit info action alarm
ip audit attack action alarm
ip local pool dealer 192.168.10.44-192.168.10.46
arp timeout 14400
global (outside) x.x.37.147
nat (inside) 0 access-list Cisco_VPN
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group ACL_IN in interface outside
route outside 0.0.0.0 0.0.0.0 12.168.37.142 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 s0
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
http server enable
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set aaa3des esp-3des esp-md5-hmac
crypto dynamic-map dynomap 10 set transform-set aaa3des
crypto map vpnpeer 20 ipsec-isakmp dynamic dynomap
crypto map vpnpeer interface outside
isakmp enable outside
isakmp client configuration address-pool local dealer outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup test address-pool dealer
vpngroup test dns-server ******
vpngroup test wins-server ******
vpngroup test default-domain ******
vpngroup test idle-time 1800
vpngroup test password ********
vpdn username admin password *********
terminal width 80
Cryptochecksum:xxxxxxx
10-24-2003 10:10 AM
I don't see any lists that allow connectivity to and from the VPN pool you've specified. You may have removed those portions when you posted the config?
Also, I don't know what kind of clients you've got, but I know I've had better success with version 4.03 of the VPN client.
10-24-2003 10:52 AM
I'm using version 3.6.
List to allow connectivity to and from VPN pool?????
I've seen no mention of this in any of the example configs I have found. Is that something I'm missing????
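The check raised in the 10:10 AM reply can be run mechanically against a config. The following is an added example, not part of the thread and not Cisco tooling. It assumes the "lists" in that reply mean the access-list referenced by `nat (inside) 0`, and the sample config, the stand-in address 203.0.113.146 and the `NONAT` list are constructed for illustration.

```python
import ipaddress

# Constructed sample in PIX 6.x syntax. Pool and inside address follow the
# posted config; 203.0.113.146 stands in for the masked x.x.37.146, and the
# NONAT list is hypothetical.
SAMPLE = """\
access-list Cisco_VPN permit ip host 203.0.113.146 192.168.10.0 255.255.255.0
access-list NONAT permit ip 192.168.10.0 255.255.255.0 192.168.10.44 255.255.255.252
ip address inside 192.168.10.90 255.255.255.0
ip local pool dealer 192.168.10.44-192.168.10.46
nat (inside) 0 access-list Cisco_VPN
"""

def _net(tokens):
    """Consume one address spec from an ACL line: 'any', 'host A' or 'A MASK'."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}", strict=False)

def pools_without_nat0(config):
    """Names of local pools that no 'nat (inside) 0' ACL entry reaches from the inside network."""
    acls, pools, nat0, inside = {}, {}, set(), None
    for line in config.splitlines():
        t = line.split()
        if t[:1] == ["access-list"] and t[2:4] == ["permit", "ip"]:
            rest = t[4:]
            src = _net(rest)  # source spec first, then destination
            acls.setdefault(t[1], []).append((src, _net(rest)))
        elif t[:3] == ["ip", "local", "pool"]:
            lo, hi = t[4].split("-")
            pools[t[3]] = (ipaddress.ip_address(lo), ipaddress.ip_address(hi))
        elif t[:3] == ["ip", "address", "inside"]:
            inside = ipaddress.ip_network(f"{t[3]}/{t[4]}", strict=False)
        elif t[:4] == ["nat", "(inside)", "0", "access-list"]:
            nat0.add(t[4])
    if inside is None:
        raise ValueError("no 'ip address inside' line found")
    # Only entries of ACLs actually bound to nat 0 count.
    entries = [e for name in nat0 for e in acls.get(name, [])]
    return sorted(
        name for name, (lo, hi) in pools.items()
        if not any(src.overlaps(inside) and lo in dst and hi in dst for src, dst in entries)
    )

if __name__ == "__main__":
    print(pools_without_nat0(SAMPLE))
```
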