Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

vpn client connects but can not ping lan ip adresses

Hi,

I have a serious problem since a few days i do not manage to solve.

Firewall PIX 515e

I have not modified my config. since a long time now; except yesterday i had to open a port to make a specific service works; probably nothing to see with my problem.

So, when my clients try to open a VPN session with the client, it works just fine. They obtain a specific IP address as it is specified in the config.; this ip address is 192.168.x.x.

The problem is that they can not join computers in the LAN anymore (with 10.0.x.x IP). PING command with IP addresses fails (time out).

They should "see" the LAN to be able to work on applications, just the way they have always done until now.

Could anyone help ?

Thanks in advance.

3 REPLIES
New Member

Re: vpn client connects but can not ping lan ip adresses

I have received from the client this supply of information :

(translated from french)

"Securised VPN connexion locally shut down by the client. Reason 403. Can't communicate with the security bridge."

Re: vpn client connects but can not ping lan ip adresses

Bonjour Stephane,

for some reason the VPN client is not communicating with the PIX anymore. Check for the correct split tunnel configuration, and possibly the ´isakmp nat-traversal´ line in your config.

Can you post the configuration of your PIX ?

Saluts,

GNT

New Member

Re: vpn client connects but can not ping lan ip adresses

I have the same issue occurring with a couple of my users (not all). They connect to either of our PIX's on two different ISP's and they cannot communicate with any nodes inside the firewall. According to users they did nothing to the configuration of their workstations when this began to occur.

Have tried everything I can think of to try to figure out what is happening on the client side to cause this to not connect to our LAN. Will probably be calling before I get an answer to this posting, however, wanted to document that Stephane is not alone here.

Really don't want to put my PIX config. out here for the world to see, but will work with TAC to see if I can send it to them securely.

Jim

131
Views
0
Helpful
3
Replies
CreatePlease to create content