netop

fadisodah · ‎01-02-2007

I have a PIX 5156.3 and remote clients with VPN Client 4.8

The remote clients can access the internal Network services through vpn tunnel.

now the remote clients would have to access their own Desktop through netop remote control (host/guest)

based on vpn/ipsec from the remote location. but with my config on the pix i have found

that the user can access their desktop, but locally when they came to the office they were not able to browse the internet

such as smtp/http traffic always page cant be display and smtp server cant be found.

to give them the ability back to access the internet i do :

no static (inside,outside) 11.1.2.203 10.6.40.55 netmask 255.255.255.255 0 0

clear xlate

but after that they cant do netop.

does anybody know what I must do that an

internal PC (main office) can be controled from an external PC (remote office ) with netop having all internet feature

I am using IPsec VPN tunnel. its vpn client to pix. I am doing natting

my local lan at the main office : 10.6.40.x/24

sample Desktop: 10.6.40.55

my pix:

access-list inside-access permit tcp 10.6.40.0 255.255.255.0 any eq nntp

access-list inside-access permit tcp 10.6.40.0 255.255.255.0 any eq ftp

access-list inside-access permit tcp 10.6.40.0 255.255.255.0 any eq www

access-list inside-access permit tcp 10.6.40.0 255.255.255.0 any eq domain

ip address outside x.x.x.2 255.255.255.240

ip address inside 10.6.70.5 255.255.255.0

access-list nonat permit ip 10.6.70.0 255.255.255.0 11.1.1.0 255.255.255.0

ip local pool ippool 11.1.1.1-11.1.1.200

global (outside) 1 x.x.x.x (real ip)

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

static (inside,outside) 11.1.2.203 10.6.40.55 netmask 255.255.255.255 0 0

5220 · ‎01-03-2007

You shold apply the static only for the port(s) used by your netop application:

static (inside,outside) tcp 11.1.2.203 10.6.40.55 netmask 255.255.255.255

Rate if it helps.

Daniel