Here's my problem. I have a pptp vpn configured in my pix 506e. I can connect fine and browse network resources on the remote network by IP address. I can connect to any computer using MS remote desktop connection. I cannot browse by netbios name, also I am using the windows vpn client and when I clear the check box "use default gateway on remote network" I connect but cannot see any network resources and am unable to ping anything.
I have copied a partial configuration here. Please keep in mind that I am a newcomer to cisco PIX.
access-list inbound permit tcp any any eq www
access-list inbound permit tcp any any eq pop3
access-list inbound permit tcp any any eq pptp
access-list inbound permit tcp any host 220.127.116.11 eq www
access-list inbound permit tcp any host 192.168.20.102 eq www
access-list inbound permit tcp any any eq smtp
access-list inside_outbound_nat0_acl permit ip any 192.168.20.48 255.255.255.240
access-list inside_outbound_nat0_acl permit ip any 192.168.20.0 255.255.255.252
access-list inside_outbound_nat0_acl permit ip any host 192.168.20.0
access-list inside_outbound_nat0_acl permit ip 192.168.20.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 101 permit ip 18.104.22.168 255.255.255.252 192.168.20.0 255.255.255.0
access-list 101 permit ip 192.168.20.0 255.255.255.0 192.168.2.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 64.122.x.x.255.255.252
ip address inside 192.168.20.253 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool AtritechVPN 192.168.2.1-192.168.2.250 mask 255.255.255.0
Make sure the VPN server (PIX Firewall, Cisco VPN Concentrator or a router) successfully assigns a DNS server IP address to the Cisco VPN Client. To check, issue the ipconfig/all command on your PC after you are connected with the VPN Client.
If you do not see the correct IP address for your DNS field, check the configuration on the VPN server to make sure it was configured properly. This pushes the DNS server's IP address to the VPN Client's IP address.
To assign the DNS server's IP address for the VPN Client's, issue these commands:
On the PIX Firewall:
vpngroup test dns-server x.x.x.x
Note: The test dns-server is an optional parameter that is available when issuing the vpngroup command.
On the router:
crypto isakmp client configuration group 3000client
On the VPN Concentrator:
Go under Configuration > User Management > Groups.
Select the group you are working with and click Modify Group.
Go to the General tab and scroll down. You can assign DNS settings to the clients in this location. Make sure the correct IP address was specified.
If the VPN Client receives the correct DNS IP address from the VPN server, but name resolution still does not work, check to make sure the Network Basic Input and Output System (NetBIOS) over Transmission Control Protocol (TCP) and IP option is checked under Advanced TCP/IP properties > WINS on the PC that runs the VPN Client.
Note: If you do not have split tunneling configured for the VPN Client, you will not be able to use the DNS server of the Internet Service Provider (ISP) anymore. This is because all traffic is now encrypted and sent to the VPN server
I have this same problem right now, and as far as I can tell its because my VPN clients are receiving invalid netmasks and default gateways. For example, I defined an IP pool for VPN users, and the addresses are handed out correctly. But an ipconfig reveals the information as :
Def Gateway: 10.1.1.200
Where can I change what the assigned netmask and gateway are?
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...