Win clients cannot see network after Site to Site VPN config
Perhaps some expert can give me a pointer here. I have had some recent reconfigurations to allow a Site to Site VPN. The site to site and internet connectivity works fine from both peers, however remote Windows clients can connect but no longer access the network.
The remote client connects and a correct IP from the pptp pool appears in the Windows routing table and the client can ping this IP but no further. When the client attempts to map a network drive he gets the error "Network name cannot be found".
While the client is connected this IP doesn't appear during internal (network side) IP scans and cannot be pinged internally.
Here is most of my config:
: Written by enable_15 at 03:23:44.389 CST Wed Feb 18 2004
PIX Version 6.3(1)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 6xxx encrypted
passwd xxxxxxxxxxxxx encrypted
clock timezone PST -6
clock summer-time CDT recurring 1 Sun Apr 2:00 last Sun Oct 3:00
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
access-list acl_out permit tcp host 184.108.40.206 any eq 30000
access-list vpn permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list nonat permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
pager lines 24
logging trap emergencies
logging device-id hostname
logging host inside 192.168.1.162
icmp deny any echo outside
mtu outside 1500
mtu inside 1500
ip address outside 220.127.116.11 255.255.255.248
ip address inside 192.168.1.1 255.255.255.0
ip verify reverse-path interface outside
ip audit info action alarm
ip audit attack action alarm
ip local pool pptp-pool 192.168.1.240-192.168.1.250
Re: Win clients cannot see network after Site to Site VPN config
Your ip local pool is the same as your inside subnet, which will not work. Change the ip local pool to 192.168.3.0 (because it appears that 192.168.2.0 is what is used on the other side of the site to site tunnel, correct?).
access-list nonat permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
so that the pptp users will not have their return traffic natted to them.
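
A check for the two conditions the reply describes, as an added example that is not part of the original thread: it flags an ip local pool range that overlaps the inside subnet, and a pool that no nonat access-list entry names as a destination. The config lines are constructed from the post above; the 192.168.3.1-192.168.3.50 range and the assumption that nonat is the NAT-exemption ACL are illustrative, not taken from the thread.

```python
import ipaddress

# Constructed sample: the relevant lines from the config posted above.
SAMPLE_CONFIG = """\
access-list nonat permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
ip address outside 220.127.116.11 255.255.255.248
ip address inside 192.168.1.1 255.255.255.0
ip local pool pptp-pool 192.168.1.240-192.168.1.250
"""
# Constructed fix: pool moved to 192.168.3.0/24 (range is an assumption)
# plus the nonat entry given in the reply.
FIXED_CONFIG = SAMPLE_CONFIG.replace(
    "192.168.1.240-192.168.1.250", "192.168.3.1-192.168.3.50"
) + "access-list nonat permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0\n"


def parse(config):
    """Return interface networks, pool ranges and per-ACL destination networks."""
    nets, pools, acl_dsts = {}, {}, {}
    for line in config.splitlines():
        t = line.split()
        if t[:2] == ["ip", "address"] and len(t) == 5:
            nets[t[2]] = ipaddress.ip_interface(f"{t[3]}/{t[4]}").network
        elif t[:3] == ["ip", "local", "pool"] and len(t) == 5:
            first, _, last = t[4].partition("-")
            pools[t[3]] = (ipaddress.ip_address(first), ipaddress.ip_address(last or first))
        elif t[:1] == ["access-list"] and t[2:4] == ["permit", "ip"] and len(t) == 8:
            acl_dsts.setdefault(t[1], []).append(ipaddress.ip_network(f"{t[6]}/{t[7]}"))
    return nets, pools, acl_dsts


def audit(config, inside="inside", nonat_acl="nonat"):
    """List pool problems; nonat_acl is assumed to be the NAT-exemption ACL."""
    nets, pools, acl_dsts = parse(config)
    net, findings = nets[inside], []
    for name, (first, last) in pools.items():
        # Range overlap test against the inside subnet.
        if first <= net.broadcast_address and last >= net.network_address:
            findings.append(f"pool {name} overlaps {inside} subnet {net}")
        # The whole pool must sit inside one nonat destination network.
        if not any(first in d and last in d for d in acl_dsts.get(nonat_acl, [])):
            findings.append(f"pool {name} is not a destination in access-list {nonat_acl}")
    return findings


if __name__ == "__main__":
    for label, cfg in (("posted", SAMPLE_CONFIG), ("fixed", FIXED_CONFIG)):
        print(label, audit(cfg) or "ok")
```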