Cisco Support Community

gda
New Member

VPN Client trouble

I have a Cisco PIX with a site-to-site vpn and also client-to-site vpn. I can authenticate to the vpn and connect, however, I cannot access a pc on the internal network via Remote desktop. I have attached my config. Can someone tell me if I am missing something?

Config attached:

Thanks,

GDA

5 REPLIES
gda
New Member

Re: VPN Client trouble

Here's the config

New Member

Re: VPN Client trouble

Hello.

I would suggest you're not performing a no NAT (NAT 0) for traffic from the 192.168.50.x network to the 192.168.50.x networks.

Add the following and see how that goes....

access-list nonat permit ip 192.168.50.0 255.255.255.0 192.168.50.0 255.255.255.0

You may wish to add it with the correct subnets and mask for the internal and IPSEC client vpn ranges.

Tim

gda
New Member

Re: VPN Client trouble

I think I already have the access-list nonat permit ip 192.168.50.0 255.255.255.0 192.168.51.0 255.255.255.0. Should I just remove the command: nat (inside) 0 access-list nonat?

Thanks,

GDA

New Member

Re: VPN Client trouble

No.

Your current acl is for the 50.0 to the 51.0 networks.

You have indicated you're trying to get to an internal host, which I presume is on the 50.x subnet.

Your IP pool for IPSEC clients is also 50.x, hence your nat statement does not match.

Tim

New Member

Re: VPN Client trouble

Or you could just change your IP pool Pool1 range to 192.168.51.200-192.168.51.254 so it matches your ruleset, and see how that goes.

HTH

Kev
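
An added example, not part of the thread or the poster's config: a Python check that every `ip local pool` range falls inside the destination of an entry in the ACL referenced by `nat (inside) 0`, which is the mismatch the replies describe. The config text is constructed because the attachment is not on the page; the 50.x pool range and the function names are assumptions, and only `permit ip <net> <mask> <net> <mask>` entries are handled.

```python
import ipaddress
import re

# Constructed sample config lines (the poster's attached config is not on the page).
ACL_50_51 = "access-list nonat permit ip 192.168.50.0 255.255.255.0 192.168.51.0 255.255.255.0\n"
ACL_50_50 = "access-list nonat permit ip 192.168.50.0 255.255.255.0 192.168.50.0 255.255.255.0\n"
NAT0 = "nat (inside) 0 access-list nonat\n"
# Assumed pool range: the thread only says the client pool is in 50.x.
BEFORE = ACL_50_51 + NAT0 + "ip local pool Pool1 192.168.50.200-192.168.50.254\n"
# Pool range suggested in the last reply.
AFTER = ACL_50_51 + NAT0 + "ip local pool Pool1 192.168.51.200-192.168.51.254\n"


def exempt_destinations(config):
    """Destination networks of ACL entries that are bound to a nat 0 statement."""
    names = set(re.findall(r"^nat \(\S+\) 0 access-list (\S+)", config, re.M))
    pattern = r"^access-list (\S+) permit ip \S+ \S+ (\S+) (\S+)[ \t]*$"
    nets = []
    for name, dst, mask in re.findall(pattern, config, re.M):
        if name in names:
            nets.append(ipaddress.ip_network(f"{dst}/{mask}"))
    return nets


def vpn_pools(config):
    """Map pool name -> (first address, last address)."""
    found = {}
    for name, first, last in re.findall(r"^ip local pool (\S+) (\S+)-(\S+)", config, re.M):
        found[name] = (ipaddress.ip_address(first), ipaddress.ip_address(last))
    return found


def uncovered_pools(config):
    """Pools whose full range is not inside any NAT-exempt destination network."""
    dests = exempt_destinations(config)
    missing = []
    for name, (first, last) in vpn_pools(config).items():
        if not any(first in net and last in net for net in dests):
            missing.append(name)
    return missing


if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, "pools without NAT exemption:", uncovered_pools(cfg))
```
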
