I have VPN Client 4 running and am able to connect and receive an IP from the PIX. The first issue I have is that the subnet mask assigned is Class B instead of Class C, though this doesn't seem to affect the ability to ping machines on the inside LAN.
The real issue is I am not asked for any user authentication and cannot get Outlook to work. There is no TACACS in place. The authentication should go straight to the DNS/mail server.
The reason your subnet address may be different is because of how interesting traffic is configured. If you have internal network 192.168.1.0 255.255.255.0 and have configured your pool as 192.168.1.5-192.168.1.10, then it will show as 192.168.1.0 255.255.255.240; this is how it isolates x.5-x.10 as interesting traffic that should be protected by IPSec. If you are using the Cisco client and are not using RADIUS or TACACS, then the only "authentication" is your pre-share (the group name and the password). You can set up local authentication if you use PPTP and the Microsoft client. What authentication should go to the DNS server? DNS is used for name resolution, not authentication, so I'm a bit confused about what you are asking. Within the Cisco client you can select to log on to the Windows domain.