02-06-2002 06:32 PM - edited 02-20-2020 09:58 PM
Hi all, I am new to PIX and VPN...
Everything seems to be working when connecting to the PIX 501 using a Windows 2000 remote access laptop; however, the syslog gets full of errors like this one:
Local4.Error 192.168.0.1 %PIX-3-106011: Deny inbound (No xlate) tcp src outside:10.0.0.1/1174 dst outside:64.4.13.170/80
The laptop dials through a phone line and an ISP and uses the PPTP VPN using MS-CHAP and MPPE to the PIX.
The errors only occur when the laptop has this specific active VPN connection.
Here are the relevant entries in my config:
access-list 101 permit ip 192.168.0.0 255.255.255.0 host 10.0.0.1
ip local pool vpnpool 10.0.0.1-10.0.0.5
nat (inside) 0 access-list 101
sysopt connection permit-pptp
vpdn group 1 accept dialin pptp
vpdn group 1 ppp authentication mschap
vpdn group 1 ppp encryption mppe 40 required
vpdn group 1 client configuration address local vpnpool
vpdn group 1 client configuration dns 192.168.0.40
vpdn group 1 pptp echo 60
vpdn group 1 client authentication local
vpdn username xxxx password xxxx
vpdn enable outside
What am I doing wrong?
Thanks very much!
02-08-2002 08:26 PM
Also,
The "VPN TUNNEL" light does not turn on... why?
02-10-2002 03:22 PM
Does my VPN pool of private addresses have to contain addresses in the same network ID as my internal LAN, or do I have to use a completely different range? Maybe I am not understanding how the routing takes place between the outside and inside interface during a VPN connection. Can someone explain?
I cannot seem to find the answer anywhere.
Thanks!