I'm new to the PIX and used the PDM Startup Wizard and VPN Wizard to configure my PIX 506e. I have very simple needs: my inside network connects to the ISP via PPPoE, and I want to be able to VPN from any outside IP address and access any address on my inside network (via various protocols, including ssh).
The basic configuration works fine for all outbound traffic, but there's something wrong with the VPN configuration.
When I use my Cisco VPN client (v.4.9.01) I can authenticate and make the IPSec connection, but can't see any clients on the inside network (I tested with ping and by attempting to access a web page hosted on a client). The remote client's IP address is from the vpnlocal pool that I configured in the Wizard. I didn't think I'd need ACLs to allow specific traffic over the VPN, but I'm stumped as to why I can make the VPN connection successfully, but can't do anything with it.
Attached is the configuration for the PIX. Also attached is the log from the remote Cisco VPN client attempting to make the VPN connection.
I've resolved my problem, I think, by reconfiguring the subnet mask setting on the firewall to 255.255.0.0 (in addition to assigning vpn pool IP addresses out of the 192.168.2.0 range and enabling nat-traversal).
The only oddity I've noticed is that I can VPN and access devices on the internal network from a couple of locations, but one site using a Linksys WR54G allows the VPN connection, but still can't see devices on the inside network.
Any suggestions here would be great, and thanks for your other advice!
Yep, it works fine from two different sites, though not from the one behind a WR54G router for some reason.
Is there a resource for a relative network "noob" like me to find a good explanation for the IP notation you used (192.168.0.0/16)? I often see this on the Cisco site and in Cisco literature where the IP address is followed by a slash (/) and a number. I think that the number after the four octet IP refers to subnetting info, but am not sure.
Thanks for the help, and if you're not tired of me yet, I plan to post a question to this forum on setting a static translation and ACLs to allow Web traffic through the firewall. :-)
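On the "192.168.0.0/16" notation asked about above: the number after the slash is the prefix length, the count of leading 1 bits in the subnet mask, so /16 is 255.255.0.0 and /24 is 255.255.255.0. The following is an added example, not code from this thread or from Cisco; it converts between the two forms with plain bit arithmetic and checks whether an address from the 192.168.2.0 VPN pool mentioned earlier falls inside a /16 versus a /24 inside network (the function names and sample addresses are mine).

```python
# Added example: CIDR prefix length <-> dotted subnet mask, and a membership
# check. Uses only bit arithmetic so each step of the notation is visible.

def ip_to_int(addr: str) -> int:
    """Pack a dotted-quad IPv4 address into a 32-bit integer."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {addr}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(n: int) -> str:
    """Unpack a 32-bit integer back into dotted-quad form."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix_len: int) -> str:
    """/16 -> 255.255.0.0: the leading prefix_len bits are 1, the rest 0."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return int_to_ip(mask)


def mask_to_prefix(mask: str) -> int:
    """255.255.0.0 -> 16. Rejects non-contiguous masks such as 255.0.255.0."""
    m = ip_to_int(mask)
    ones = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous mask: {mask}")
    return ones


def in_network(addr: str, cidr: str) -> bool:
    """True if addr lies inside the network written as 'a.b.c.d/len'."""
    net, plen = cidr.split("/")
    mask = ip_to_int(prefix_to_mask(int(plen)))
    return (ip_to_int(addr) & mask) == (ip_to_int(net) & mask)


if __name__ == "__main__":
    # Constructed sample: a client address handed out from a 192.168.2.0 pool.
    client = "192.168.2.10"
    for cidr in ("192.168.0.0/16", "192.168.1.0/24"):
        print(f"{cidr} mask={prefix_to_mask(int(cidr.split('/')[1]))} "
              f"contains {client}: {in_network(client, cidr)}")
```

The second line of output shows why a /24 inside network and a VPN pool on a different /24 do not see each other as one subnet, while a /16 mask covers both.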