Cisco Support Community

VPN Client v1.1 and default gateway

I've been troubleshooting a problem with the PIX firewall and the Cisco Secure VPN 1.1 client for a couple of days now and it has me stumped. Here are the details:

From my Windows 98 client with the VPN adapter installed and the Cisco v 1.1 client, I connect to our PIX firewall from a remote location. The PIX forwards my AAA request to an internal TACACS box that verifies my credentials and logs me on to the network. With the default settings for the VPN adapter, I can browse my network (non-secure) and have access to the resources I need.

The Cisco v1.1 client shows in the Log viewer that the IKE fails because the initial message sent from my client does not receive a reply. If I change the settings on the VPN adapter and do NOT choose to use the default gateway on the remote network, then the IKE occurs and I can establish a secure connection. When I attempt to locate resources on my internal network in this case, I cannot ping them because the gateway on the remote network is not defined. So I either get a secure connection with no access to resources or a non-secure connection with access to resources.

Although I did not perform the PIX configuration, nothing jumps out at me as being incorrect. There is a route from the inside network to the default gateway defined in the configuration and it is correct. One other interesting observation is that the default gateway that I get when I use the "default gateway on the remote network" is the internal IP address that my PPP adapter is assigned.

Other potentially pertinent information:

The LAN adapter on my remote machine does not use DHCP but rather has a static IP and gateway configured.

The IP address that my PPP adapter is assigned is not in the local pool as defined in the PIX configuration.

Any help is appreciated!

1 REPLY

Re: VPN Client v1.1 and default gateway

Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center (http://www.cisco.com/tac) or speak with a TAC engineer. You can open a TAC case online at http://www.cisco.com/tac/caseopen

If anyone else in the forum has some advice, please reply to this thread.

Thank you for posting.
