01-18-2006 12:30 AM - edited 02-21-2020 02:12 PM
Hello all,
I would like to ask some advice on how to enable remote VPN users to have telnet access to a server on the inside network.
The remote users are using a PPTP VPN client with a PIX firewall as the VPN server. Attached is the running of the PIX firewall.
Any feedback will be highly appreciated.
Thanks,
udimpas
01-18-2006 06:18 AM
Hi there,
It seems that the IP pool you are referring to in the vpdn group is VPN_CTYHALL, but the IP pool you have configured is named VPN.
Try to change this first, and if it's just a typo in the text file, test the following.
- Reserve a different network for the IP pool assigned to the clients. Example:
ip local pool VPN 192.168.201.1-192.168.201.254
- Change access-list for NAT exception to match this. Example:
access-list 101 permit ip 192.168.200.0 255.255.255.0 192.168.201.0 255.255.255.0
Please don't forget to ensure that the Telnet server has a route back to the IP pool network 192.168.201.0 255.255.255.0.
Don't forget to clear xlate.
Best regards,
Marcus
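The checks from the reply above (pool name referenced by the vpdn group, pool on its own network, NAT exemption covering the pool) can be run against a saved config before testing. This is an added example, not part of the reply or the poster's attachment; `check_pptp_config` is a hypothetical helper, the sample configs are constructed, and it assumes PIX 6.x syntax with the exemption applied via `nat (inside) 0 access-list` and the ACL source being the inside network.

```python
import ipaddress
import re

# Constructed samples (not the poster's attached config). Inside network and
# pool values follow the examples in the reply; the nat line is assumed.
SAMPLE_BROKEN = """\
ip local pool VPN 192.168.201.1-192.168.201.254
access-list 101 permit ip 192.168.200.0 255.255.255.0 192.168.201.0 255.255.255.0
nat (inside) 0 access-list 101
vpdn group 1 client configuration address local VPN_CTYHALL
"""
SAMPLE_FIXED = SAMPLE_BROKEN.replace("local VPN_CTYHALL", "local VPN")

def check_pptp_config(text):
    """Return a list of findings; an empty list means all checks passed."""
    pools, acls, nat0, referenced = {}, {}, [], []
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"ip local pool (\S+) ([\d.]+)-([\d.]+)$", line):
            pools[m[1]] = (ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3]))
        elif m := re.match(r"access-list (\S+) permit ip ([\d.]+) ([\d.]+) ([\d.]+) ([\d.]+)$", line):
            src = ipaddress.ip_network(f"{m[2]}/{m[3]}")
            dst = ipaddress.ip_network(f"{m[4]}/{m[5]}")
            acls.setdefault(m[1], []).append((src, dst))
        elif m := re.match(r"nat \(inside\) 0 access-list (\S+)$", line):
            nat0.append(m[1])
        elif m := re.match(r"vpdn group \S+ client configuration address local (\S+)$", line):
            referenced.append(m[1])
    # Only ACLs actually bound to nat 0 count as NAT exemption.
    exempt = [pair for name in nat0 for pair in acls.get(name, [])]
    findings = []
    for name in referenced:
        if name not in pools:
            findings.append(f"vpdn group references undefined pool {name}")
            continue
        first, last = pools[name]
        if any(first in src or last in src for src, _ in exempt):
            findings.append(f"pool {name} overlaps the inside network")
        if not any(first in dst and last in dst for _, dst in exempt):
            findings.append(f"pool {name} is not covered by the NAT exemption ACL")
    return findings

if __name__ == "__main__":
    for label, cfg in (("broken", SAMPLE_BROKEN), ("fixed", SAMPLE_FIXED)):
        print(label, check_pptp_config(cfg) or "OK")
```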