remote VPN users cannot telnet to inside server

udimpas
Level 1

Hello all,

I would like to ask some advice on how to enable remote VPN users to have telnet access to a server on the inside network.

The remote users are using a PPTP VPN client with a PIX firewall as the VPN server. Attached is the running of the PIX firewall.

Any feedback will be highly appreciated.

Thanks,

udimpas

3 Replies

Hi there,

It seems that the IP pool you are referring to in the vpdn group is VPN_CTYHALL, but the IP pool you have configured is named VPN.

Try to change this first, and if it's just a typo in the text file, test the following.

- Reserve a different network for the IP pool assigned to the clients. Example:

ip local pool VPN 192.168.201.1-192.168.201.254

- Change access-list for NAT exception to match this. Example:

access-list 101 permit ip 192.168.200.0 255.255.255.0 192.168.201.0 255.255.255.0

Please don't forget to assure that the Telnet server has a route back to the IP pool network 192.168.201.0 255.255.255.0.

Don't forget to clear xlate.

Best regards,

Marcus
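
The checks suggested in the reply above, as an added example that is not part of the original thread: a Python audit of a PIX 6.x style configuration for a vpdn group that references an undefined pool, a client pool that overlaps the inside network, and a pool not covered by the NAT exemption ACL. The sample configuration is constructed (it is not the poster's attached config); the inside address and the vpdn group name `1` are assumptions.

```python
import ipaddress
import re

# Constructed sample in PIX 6.x syntax; NOT the poster's attached configuration.
SAMPLE_CONFIG = """\
ip address inside 192.168.200.1 255.255.255.0
ip local pool VPN 192.168.201.1-192.168.201.254
access-list 101 permit ip 192.168.200.0 255.255.255.0 192.168.201.0 255.255.255.0
nat (inside) 0 access-list 101
vpdn group 1 client configuration address local VPN_CTYHALL
"""

def audit_pptp_config(text):
    """Return findings for the three checks named in the reply."""
    # Pool name -> (first address, last address)
    pools = {m[0]: (ipaddress.ip_address(m[1]), ipaddress.ip_address(m[2]))
             for m in re.findall(r"^ip local pool (\S+) ([\d.]+)-([\d.]+)", text, re.M)}
    # Pool names that vpdn groups hand out to PPTP clients
    vpdn_refs = re.findall(
        r"^vpdn group \S+ client configuration address local (\S+)", text, re.M)
    inside = re.search(r"^ip address inside ([\d.]+) ([\d.]+)", text, re.M)
    inside_net = (ipaddress.ip_network(f"{inside[1]}/{inside[2]}", strict=False)
                  if inside else None)
    # ACLs bound to NAT exemption on the inside interface
    nat0_acls = re.findall(r"^nat \(inside\) 0 access-list (\S+)", text, re.M)
    # Destination networks of "permit ip <net> <mask> <net> <mask>" entries in
    # those ACLs ("any"/"host" forms are not handled in this example).
    acl_re = r"^access-list (\S+) permit ip [\d.]+ [\d.]+ ([\d.]+) ([\d.]+)"
    exempt = [ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
              for m in re.findall(acl_re, text, re.M) if m[0] in nat0_acls]

    findings = []
    for name in vpdn_refs:
        if name not in pools:
            findings.append(f"vpdn group references undefined pool {name}")
    for name, (first, last) in pools.items():
        if inside_net and (first in inside_net or last in inside_net):
            findings.append(f"pool {name} overlaps inside network {inside_net}")
        if not any(first in net and last in net for net in exempt):
            findings.append(f"pool {name} not covered by NAT exemption ACL")
    return findings

if __name__ == "__main__":
    for finding in audit_pptp_config(SAMPLE_CONFIG):
        print(finding)
```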
