Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

LAN Access Issue in Client to PIX VPN

I have configured a client to PIX VPN for PIX 515 E and authentication is being done by ACS (TACACS+) server.I am able to connect to VPN (getting the IP from VPN pool given in PIX)but i am not able to access any LAN system while ACS server is in LAN only and authentication is happening.Even i am not able to ping VPN client PC from PIX after while connected to VPN.I am able to browse from VPN connected system.Please guide whats wrong.

3 REPLIES
Community Member
Cisco Employee

Re: LAN Access Issue in Client to PIX VPN

Hi,

If you are connected, that basically means the authentication part is good and you are having issues routing the traffic across the VPN Tunnel.

Where are you connecting the VPN Client from. Is the VPN client behind a PAT device.

Once you are connected, Try pinging a valid ip address on the remote side and right click on the VPN Icon and look up the connection status. Do you see packets encrypted ?

Also, can you post the pix configuration removing all sensitive data.

Regards,

Arul

** Please rate all helpful posts *8

Community Member

Re: LAN Access Issue in Client to PIX VPN

The VPN Client logs when connnected are as below:

I am not able to ping client host from the PIX.In client statistics no paket received only sent and only encryption.Local LAN Disablled and Trans Tunnel Inactive.

Cisco Systems VPN Client Version 4.6.03.0021

Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.

Client Type(s): Windows, WinNT

Running on: 5.1.2600 Service Pack 2

Config file directory: C:\Program Files\Cisco Systems\VPN Client

1 11:06:26.875 12/08/06 Sev=Warning/2 CVPND/0xE3400013

AddRoute failed to add a route: code 87

Destination 192.168.1.255

Netmask 255.255.255.255

Gateway 192.168.10.1

Interface 192.168.10.1

2 11:06:27.015 12/08/06 Sev=Warning/2 CM/0xA3100024

Unable to add route. Network: c0a801ff, Netmask: ffffffff, Interface: c0a80a01, Gateway: c0a80a01.

236
Views
0
Helpful
3
Replies
CreatePlease to create content