I am pretty desperate for ideas at this point; I've spent almost a week on this and the VPN is still down.
The story unfolds: we just moved all network equipment from a shelving unit to a rack. Some cables may not have been plugged back into their original ports, but I?m about 99% certain all are plugged into the same devices.
There was an operational PPTP VPN setup, which does not work since the ?move?. The use was, windows VPN client connecting to Cisco 506e, which used Radius to authenticate them and then allowed them access to all resources on the LAN. The configuration (a backup from when it was working) is attached.
So, it stops working after the move; users can still connect, however they can?t see any network resources, is this an NAT issue?
I?ve tried to create a new VPN using the Cisco client and the Cisco PIX wizard, but have a similar problem after connecting; no access to system resources, any suggestions as to what could have happened?
wall --> Modem (dsl) --> in Cisco (Eth 0) | out Cisco (Eth 1) --> Dlink Gigabit switch (switch connected to two other switches, all LAN devices connected to these, or smaller switched connected to these switches)
What did your config look like when you tried setting up an ipsec vpn with the cisco client? Make sure you had "isakmp nat-traversal". One other thing I noticed is that the vpn pool should not be in the same subnet as any other inside subnet. You should make the pool outside the range of 192.168.2.0, 192.168.1.0, 192.168.3.0 etc. This doesn't necessarily explain why your pptp vpn stopped working but it will give you something to go on.
Ok, changing the VPN pool range seems to make sense. I moved if to a 'block' of assigned IPs and figured that would be enough. Will moving it off the 192.168.1.0-2.0-3.0 require any other commands to allow it access to the LAN objects, server, desktops, etc?
I'll also check for the isakmp nat-traversal once I go though the Cisco wizard (for Cisco clients).
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...