This is the existing setup I have walked into; I did not set it up but need to fix it. OK, here we go. First, there is a Cisco PIX 501 that handles the VPN. Its inside address is 192.168.2.1 and it's connected to a NIC in the server with an IP of 192.168.2.2. There is another NIC in the server (192.168.1.2); this NIC connects to a switch where all of the PCs connect. All of the PCs get addresses in the 192.168.1.X range from the DHCP server. The problem is when I VPN in I can't get past the server. Is there any way I can set up a route from the 192.168.2.2 NIC over to the 192.168.1.2 NIC? I have a NAS that I need access to and it's on the 192.168.1.x network. Is this possible or should I change the inside address of the PIX and plug it directly into the switch? Any help or suggestions would be appreciated. By the way, the server is running Windows 2000 Server, and the PIX firewall is a 501 model.
Seems like your issue is with the Microsoft server routing.
If the PIX has a route inside 192.168.1.0 pointing to 192.168.2.2, and your VPN is allowed to reach 192.168.2.0 by the access-list and nat (inside) 0, then you have to fix your Microsoft server's routing.
Otherwise you can also give the PIX a 192.168.2.x address, and directly connect to the switch; still, you would need the correct access-list and nat (inside) 0 statements for the VPN.
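The routing conditions from the reply above, traced hop by hop in both directions; this is an added example, not part of the original thread, and it models routing only (not the access-list or nat (inside) 0 statements). The VPN client address, the NAS address, the server's default gateway and the NAS gateway setting are constructed assumptions.

```python
import ipaddress as ip

class Node:
    """A host or router: interface addresses, static routes, forwarding flag."""
    def __init__(self, name, addrs, routes=(), forwards=False):
        self.name, self.forwards = name, forwards
        self.addrs = [ip.ip_interface(a) for a in addrs]
        self.routes = [(ip.ip_network(n), ip.ip_address(g)) for n, g in routes]

    def owns(self, dst):
        return any(a.ip == dst for a in self.addrs)

    def next_hop(self, dst):
        # Directly connected networks first, then longest-prefix static route.
        if any(dst in a.network for a in self.addrs):
            return dst
        hits = [(n.prefixlen, g) for n, g in self.routes if dst in n]
        return max(hits)[1] if hits else None

def trace(nodes, src, dst, max_hops=8):
    """Follow a packet hop by hop; return (delivered, path plus failure reason)."""
    dst = ip.ip_address(dst)
    node = next(n for n in nodes if n.name == src)
    path = [node.name]
    for _ in range(max_hops):
        if node.owns(dst):
            return True, path
        if len(path) > 1 and not node.forwards:  # transit hop that will not route
            return False, path + ["IP forwarding disabled"]
        hop = node.next_hop(dst)
        nxt = next((n for n in nodes if hop is not None and n.owns(hop)), None)
        if nxt is None:
            return False, path + ["no usable route"]
        node = nxt
        path.append(node.name)
    return False, path + ["routing loop"]

VPN_CLIENT = "10.99.0.10"  # constructed: address the PIX hands the VPN client
NAS = "192.168.1.50"       # constructed: NAS address on the PC LAN

def round_trip(server_forwards, nas_gateway):
    """Trace VPN client -> NAS and NAS -> VPN client for one configuration."""
    pix = Node("pix", ["192.168.2.1/24", VPN_CLIENT + "/32"],
               [("192.168.1.0/24", "192.168.2.2")], forwards=True)
    server = Node("server", ["192.168.2.2/24", "192.168.1.2/24"],
                  [("0.0.0.0/0", "192.168.2.1")], forwards=server_forwards)
    nas = Node("nas", [NAS + "/24"],
               [("0.0.0.0/0", nas_gateway)] if nas_gateway else [])
    nodes = [pix, server, nas]
    return trace(nodes, "pix", NAS), trace(nodes, "nas", VPN_CLIENT)
```

`round_trip(False, "192.168.1.2")` stops at the server in both directions, which matches the "can't get past the server" symptom; with forwarding on, the reply traffic still needs the NAS to send VPN-bound packets to 192.168.1.2.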