11-06-2007 11:25 AM - edited 02-21-2020 03:21 PM
I am trying to set up a VPN connection for some auditors to one of my clients, and can't seem to get RDP to work. It appears that the Cisco VPN client is connected, but when I try to connect to a specific machine, I'm told that the machine can't be found.
11-06-2007 11:29 AM
Is the problem only related to rdp? Can they ping etc? Care to post a sanitized config?
11-06-2007 11:38 AM
Ping doesn't respond either. When I launch the VPN client, it group authenticates fine, then radius works fine, and the lock icon closes. After that, however, nothing else seems to work. What do I need to do to sanitize a config? I'm a first-timer.
11-06-2007 11:44 AM
Sanitizing means cleaning out any public ip addresses/passwords etc. Anything you wouldn't want anyone else to know.
Sounds like your problem is related to nat-traversal. Check to see if the following command is in your pix. If it isn't, add it in.
isakmp nat-traversal
11-06-2007 11:53 AM
11-06-2007 12:01 PM
Which group is in question here? 5*vend0rs? If so, take a look at your VENDOR-SPLIT-TUNNEL acl.
access-list VENDOR-SPLIT-TUNNEL permit ip host 70.168.67.x 192.168.201.0 255.255.255.0
access-list VENDOR-SPLIT-TUNNEL permit ip host 70.168.67.x 192.168.200.0 255.255.255.0
This means that only traffic from the vpn clients to 70.168.67.x would be tunneled over the vpn. The second statement wouldn't really do anything. I think it should look more like your other split tunnel acl.
access-list VENDOR-SPLIT-TUNNEL permit ip 192.168.200.0 255.255.255.0 192.168.201.0 255.255.255.0
11-06-2007 01:12 PM
That appears to have fixed it. Thanks.
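An added example, not part of the original thread: a Python check of the point made in the 12:01 PM reply, treating the source field of each split-tunnel ACL entry as the network the VPN client routes into the tunnel. The address 203.0.113.10 stands in for the redacted 70.168.67.x host, 192.168.200.25 is a constructed RDP target, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample configs; 203.0.113.10 replaces the redacted public host.
BEFORE = """
access-list VENDOR-SPLIT-TUNNEL permit ip host 203.0.113.10 192.168.201.0 255.255.255.0
access-list VENDOR-SPLIT-TUNNEL permit ip host 203.0.113.10 192.168.200.0 255.255.255.0
"""
AFTER = """
access-list VENDOR-SPLIT-TUNNEL permit ip 192.168.200.0 255.255.255.0 192.168.201.0 255.255.255.0
"""

def parse_endpoint(tokens):
    """Consume one PIX address spec: 'any', 'host A.B.C.D' or 'NET MASK'."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]

def tunneled_networks(config, acl_name):
    """Source networks of every 'permit ip' entry in the named ACL.

    Assumption (from the reply above): the ACL source is the network
    behind the PIX that the client sends through the tunnel.
    """
    nets = []
    for line in config.splitlines():
        t = line.split()
        if t[:2] != ["access-list", acl_name] or t[2:4] != ["permit", "ip"]:
            continue
        src, rest = parse_endpoint(t[4:])
        parse_endpoint(rest)  # destination (VPN pool); parsed to validate syntax
        nets.append(src)
    return nets

def is_tunneled(config, acl_name, target):
    """True if the client would send traffic for 'target' over the VPN."""
    addr = ipaddress.ip_address(target)
    return any(addr in net for net in tunneled_networks(config, acl_name))

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        nets = [str(n) for n in tunneled_networks(cfg, "VENDOR-SPLIT-TUNNEL")]
        ok = is_tunneled(cfg, "VENDOR-SPLIT-TUNNEL", "192.168.200.25")
        print(f"{label}: tunneled={nets} rdp_target_reachable_via_vpn={ok}")
```

With the original entries the inside host is outside every tunneled network, so the client sends RDP and ping out its local interface, which matches the "connected but machine not found" symptom.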