Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

VPN connection using different subnet?

Hi All,

I can set up a vpn connection using an ip pool of valid internal ip address's (ie internal network ip pool Everything works fine, access to other pc's on this subnet etc.

However if i try to set using an ip pool of I can connect through the vpn but am unable to see any other pc's, etc on the local network?

Is there a rule I am missing somewhere?

Any help appreciated.


Re: VPN connection using different subnet?

Well a couple of things to check here one is your pix the default-gateway/is there a route to the pix for the 10.10.11.x network. Two is there an access-list in place preventing network.

It would be helpful to see your configuration.


New Member

Re: VPN connection using different subnet?

Hi Patrick,

Here is the current config.

PIX Version 7.0(1)



interface Ethernet0

nameif Outside

security-level 0

ip address


interface Ethernet1

nameif inside

security-level 100

ip address


interface Ethernet2

nameif DMZ

security-level 50

ip address


enable password XCiL6fXTNO9qj5.B encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

hostname pixfirewall

domain-name wtm

ftp mode passive

clock timezone EST 10

access-list Outside_access_in extended permit icmp any any

access-list inside_nat0_outbound extended permit ip any

access-list Outside_cryptomap_dyn_20 extended permit ip any

pager lines 24

logging asdm informational

mtu inside 1500

mtu DMZ 1500

mtu Outside 1500

ip local pool Dial-In mask

monitor-interface inside

monitor-interface DMZ

monitor-interface Outside

asdm image flash:/asdm-501.bin

asdm location inside

no asdm history enable

arp timeout 14400

global (Outside) 10 interface

nat (inside) 0 access-list inside_nat0_outbound

nat (inside) 10

access-group Outside_access_in in interface Outside

route Outside 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00

timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

group-policy try internal

group-policy try attributes

dns-server value

username testuser password 98ZeS29m9xvCI4tR encrypted privilege 0

username testuser attributes

vpn-group-policy try

http server enable

http inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto dynamic-map Outside_dyn_map 20 match address Outside_cryptomap_dyn_20

crypto dynamic-map Outside_dyn_map 20 set transform-set ESP-3DES-SHA

crypto map Outside_map 65535 ipsec-isakmp dynamic Outside_dyn_map

crypto map Outside_map interface Outside

isakmp identity address

isakmp enable Outside

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash sha

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

isakmp nat-traversal 20

telnet inside

telnet timeout 5

ssh timeout 5

console timeout 0

tunnel-group try type ipsec-ra

tunnel-group try general-attributes

address-pool Dial-In

default-group-policy try

tunnel-group try ipsec-attributes

pre-shared-key welcome


class-map inspection_default

match default-inspection-traffic



policy-map global_policy

class inspection_default

inspect dns maximum-length 512

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp


service-policy global_policy global


: end

CreatePlease to create content