Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
400
Views
0
Helpful
3
Replies

LAN Access Issue in Client to PIX VPN

ghanshyam.saini
Level 1
Level 1

‎11-30-2006 04:35 AM

I have configured a client to PIX VPN for PIX 515 E and authentication is being done by ACS (TACACS+) server.I am able to connect to VPN (getting the IP from VPN pool given in PIX)but i am not able to access any LAN system while ACS server is in LAN only and authentication is happening.Even i am not able to ping VPN client PC from PIX after while connected to VPN.I am able to browse from VPN connected system.Please guide whats wrong.

Labels:
0 Helpful
3 Replies 3

ajagadee
Cisco Employee
Cisco Employee

‎12-06-2006 10:27 PM

Hi,

If you are connected, that basically means the authentication part is good and you are having issues routing the traffic across the VPN Tunnel.

Where are you connecting the VPN Client from. Is the VPN client behind a PAT device.

Once you are connected, Try pinging a valid ip address on the remote side and right click on the VPN Icon and look up the connection status. Do you see packets encrypted ?

Also, can you post the pix configuration removing all sensitive data.

Regards,

Arul

** Please rate all helpful posts *8

0 Helpful

ghanshyam.saini
Level 1
Level 1
In response to ajagadee

‎12-07-2006 09:50 PM

The VPN Client logs when connnected are as below:

I am not able to ping client host from the PIX.In client statistics no paket received only sent and only encryption.Local LAN Disablled and Trans Tunnel Inactive.

Cisco Systems VPN Client Version 4.6.03.0021

Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.

Client Type(s): Windows, WinNT

Running on: 5.1.2600 Service Pack 2

Config file directory: C:\Program Files\Cisco Systems\VPN Client

1 11:06:26.875 12/08/06 Sev=Warning/2 CVPND/0xE3400013

AddRoute failed to add a route: code 87

Destination 192.168.1.255

Netmask 255.255.255.255

Gateway 192.168.10.1

Interface 192.168.10.1

2 11:06:27.015 12/08/06 Sev=Warning/2 CM/0xA3100024

Unable to add route. Network: c0a801ff, Netmask: ffffffff, Interface: c0a80a01, Gateway: c0a80a01.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents