Cisco Support Community

New Member

remote VPN users cannot telnet to inside server

Hello all,

I would like to ask some advice on how to enable remote VPN users to have telnet access to a server on the inside network.

The remote users are using PPTP VPN client with PIX firewall as VPN server. Attached is the running of the PIX firewall.

Any feedback will be highly appreciated.

Thanks,

udimpas

3 REPLIES
New Member

Re: remote VPN users cannot telnet to inside server

Hi there,

It seems that the IP pool you are referring to in the vpdn group is VPN_CTYHALL, but the IP pool you have configured is named VPN.

Try to change this first, and if it's just a typo in the text file, test the following.

- Reserve a different network for the IP pool assigned to the clients. Example:

ip local pool VPN 192.168.201.1-192.168.201.254

- Change access-list for NAT exception to match this. Example:

access-list 101 permit ip 192.168.200.0 255.255.255.0 192.168.201.0 255.255.255.0

Please don't forget to ensure that the Telnet server has a route back to the IP pool network 192.168.201.0 255.255.255.0.

Don't forget to clear xlate.

Best regards,

Marcus
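
The two checks from the reply above (pool name referenced by the vpdn group, and NAT exemption covering the pool) as an added example; it is not part of Marcus's reply or the poster's attached configuration. The sample configs are constructed, and the `vpdn group ... client configuration address local` and `nat (inside) 0 access-list` line forms are assumed to be the PIX 6.x ones.

```python
import ipaddress

# Constructed configs, not the poster's attachment. Command forms assumed: PIX 6.x.
SAMPLE_BAD = """\
ip local pool VPN 192.168.201.1-192.168.201.254
access-list 101 permit ip 192.168.200.0 255.255.255.0 192.168.201.0 255.255.255.0
nat (inside) 0 access-list 101
vpdn group 1 client configuration address local VPN_CTYHALL
"""
SAMPLE_FIXED = SAMPLE_BAD.replace("local VPN_CTYHALL", "local VPN")


def parse(config):
    """Collect pools, ACL destination networks, nat 0 ACL names, vpdn pool refs."""
    pools, acls, nat0, vpdn = {}, {}, [], []
    for line in config.splitlines():
        t = line.split()
        if t[:3] == ["ip", "local", "pool"] and len(t) >= 5:
            first, _, last = t[4].partition("-")
            pools[t[3]] = (ipaddress.ip_address(first),
                           ipaddress.ip_address(last or first))
        elif t[:1] == ["access-list"] and t[2:4] == ["permit", "ip"] and len(t) == 8:
            # Only the "network mask network mask" form; host/any are skipped.
            dst = ipaddress.ip_network(f"{t[6]}/{t[7]}", strict=False)
            acls.setdefault(t[1], []).append(dst)
        elif t[:1] == ["nat"] and t[2:4] == ["0", "access-list"] and len(t) >= 5:
            nat0.append(t[4])
        elif t[:2] == ["vpdn", "group"] and len(t) >= 8 and \
                t[3:7] == ["client", "configuration", "address", "local"]:
            vpdn.append((t[2], t[7]))
    return pools, acls, nat0, vpdn


def check(config):
    """Return one finding per vpdn group whose pool is missing or not NAT-exempt."""
    pools, acls, nat0, vpdn = parse(config)
    exempt = [net for name in nat0 for net in acls.get(name, [])]
    findings = []
    for group, pool in vpdn:
        if pool not in pools:
            findings.append(f"vpdn group {group}: pool {pool} is not defined")
            continue
        first, last = pools[pool]
        if not any(first in net and last in net for net in exempt):
            findings.append(f"pool {pool}: not covered by a nat 0 access-list")
    return findings


if __name__ == "__main__":
    for name, cfg in (("bad", SAMPLE_BAD), ("fixed", SAMPLE_FIXED)):
        print(name, check(cfg) or "ok")
```

Keeping the exemption ACL scoped to the pool network, as in the reply, means only VPN client addresses bypass translation.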
