I am using PIX 501 version 6.3. Currently I am facing a problem regarding the VPN Client. When VPN Client A and B connected to the VPN, they will be given an IP address from the range of 192.168.2.100-192.168.2.200. But VPN Client A cannot ping B or gain access to B VNC. Neither can B do the same to A. Is it that I must add an access-list to allow VPN Client to ping each other? Please Help....
The problem is that you're using a PIX as the head-end device. The PIX specifically will not route a packet back out the same interface it came in on, that includes VPN packets from one client going back out the same interface to another VPN client. There is unfortunately no way around it, sorry.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...