Cisco Support Community
Community Member

Can't see remote network through VPN

I have configured a VPN using the VPN wizard in my PIX 501 6.3(1) firewall. The connection is established OK, but I am unable to see the network resources I configured using the wizard. When viewing the logs I found this entry:

3 deny inbound (No Xlate)src 10.0.0.1 dst 207.xxx.xxx.xxx/80

The 10.0.0.1 address is one of a range configured in the VPN pool, but the destination address should be the 192.***.***.*** address of the server I have granted access to. I have tried fixing it using the static and conduit commands but still nothing.

Here is a copy of the running config (with the usual information removed):

PIX Version 6.3(1)

interface ethernet0 auto

interface ethernet1 100full

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password ************** encrypted

passwd ****************** encrypted

hostname *******

domain-name *********

names

OMITTED*********

access-list inside_outbound_nat0_acl permit ip host Server interface outside

pager lines 24

logging on

logging timestamp

logging buffered debugging

logging trap alerts

logging device-id hostname

logging host inside 192.*.*.*

icmp deny any outside

mtu outside 1500

mtu inside 1500

ip address outside ***.***.***.***.***.***.***.***

ip address inside ***.***.***.***.***.***.***.***

ip audit info action alarm

ip audit attack action alarm

ip local pool VpnPool 10.0.0.1-10.0.0.5

pdm location ***** *.*.*.* inside

pdm logging warnings 100

pdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 0 access-list inside_outbound_nat0_acl

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

route outside 0.0.0.0 0.0.0.0 OUTSIDE INTERFACE(address replaced)

timeout xlate 0:05:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server LOCAL protocol local

http server enable

http 192.***.*.*.*.*.*.*inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

tftp-server inside ******** /tftp-root

floodguard enable

fragment chain 1

telnet timeout 5

ssh timeout 5

console timeout 0

vpdn group PPTP-VPDN-GROUP accept dialin pptp

vpdn group PPTP-VPDN-GROUP ppp authentication mschap

vpdn group PPTP-VPDN-GROUP ppp encryption mppe auto required

vpdn group PPTP-VPDN-GROUP client configuration address local VpnPool

vpdn group PPTP-VPDN-GROUP pptp echo 60

vpdn group PPTP-VPDN-GROUP client authentication local

vpdn username ******** password *********

vpdn enable outside

terminal width 80

Cryptochecksum:*******************

: end

Any ideas welcome.

1 REPLY
Silver

Re: Can't see remote network through VPN

Did you try clearing the translations?
