Static Routes: All routes point to the DMZ interface, 192.168.4.1.
The clients can connect to the VPN Concentrator. They authenticate off of a server on the internal network. The VPN Concentrator can ping internal addresses without any trouble. You can ping the VPN Concentrator IP from the internal network. The PIX has ARP information for the VPN Concentrator and the VPN client; both have the Concentrator's private interface MAC address.
You cannot ping the VPN Client's IP (using address pool internal to the VPN Concentrator, 192.168.5.8/29, testing scenario).
The VPN Client cannot reach any internal address. The VPN Client does not have any firewall enabled.
I know there is probably something very simple I am missing. If anyone can assist it would be appreciated.
Well, from my understanding, you have the concentrator public int on the outside of the PIX and the private on the DMZ, so did you configure the appropriate NAT and access-lists to allow certain traffic from the clients' obtained IPs on the DMZ to the inside network?
Plus yes. I allowed full access (any DMZ-3 to any Internal network) at this point in time to get the ball rolling. The only configuration for DMZ-3 is this Concentrator. It will be narrowed down once I get the traffic flowing through the clients. I have used Nat 0 at this point in time for testing purposes.
I did not have one in there explicitly for this so I placed one on the PIX to see if it would correct the trouble.
DMZ-3 192.168.5.0 255.255.255.0 192.168.5.1 1 OTHER static
Same thing. The client can authenticate to an internal server but not ping the internal server once the authentication process has finished. The VPN Concentrator can ping any internal server and any external address. This seems to be a client issue.
I checked the allowed networks and put in the new network that was created by DMZ-3. Same thing.
I am going to set up further testing to watch from both sides to see if I can determine what may be transpiring.