Cisco Support Community
New Member

PIX 7.X Remote Access VPN cannot access remote networks

Hello colleagues,

I have a PIX 525 running 7.1 code. I have noticed users on the Cisco VPN client cannot access our networks across the WAN from our corporate datacenter. I am attaching my config since it is fairly long.

I am thinking I need the following statements to make this work. Most of the plant networks are on the 192.168.X.X range.

1). I need to add all the plant networks (lump those I can) into my NAT exemption on the inside interface.

2). Make sure my split tunnel ACL allows all the remote plant networks.

Cisco Employee

Re: PIX 7.X Remote Access VPN cannot access remote networks


a. I wasn't able to figure out what your internal network was.

b. I wasn't able to figure out the object-group and names configured in the ACL "NAT_nat0_inbound" used for NAT exemption.

from the attached config.

For example:

If your internal network is and you are assigning the address 192.168.1.x/24 for your VPN client pools then you would need a NAT zero statement like this.

access-list 100 per ip

nat (inside) 0 access-list 100

To answer your second question, if the remote plant are on your internal segment then with the nat exemption and split tunnel configured properly, you should be good to go.

Let me know if this helps.

Note: If there are routers on your internal network, make sure the routers have an entry to forward the packets destined for 192.168.1.x towards the PIX. (according to my example)



Rate it, if this helps.
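
Added example (not part of the original thread, and not taken from the poster's attached config): a small check that reports which plant networks are missing from the NAT exemption ACL and from the split tunnel ACL, the two conditions discussed above. The ACL names `NONAT` and `SPLIT`, the VPN pool `10.99.1.0/24` and the plant subnets are constructed assumptions; only plain `standard`/`extended permit ip` lines with literal addresses are parsed.

```python
import ipaddress

# Constructed sample config: ACL names, pool and plant subnets are assumptions.
SAMPLE_CONFIG = """\
access-list NONAT extended permit ip 192.168.10.0 255.255.255.0 10.99.1.0 255.255.255.0
access-list NONAT extended permit ip 192.168.20.0 255.255.254.0 10.99.1.0 255.255.255.0
access-list SPLIT standard permit 192.168.10.0 255.255.255.0
nat (inside) 0 access-list NONAT
"""
POOL = "10.99.1.0/24"  # assumed VPN client pool
PLANTS = ["192.168.10.0/24", "192.168.21.0/24", "192.168.30.0/24"]  # assumed


def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}")


def parse_acls(config):
    """Map ACL name -> list of (source, destination or None) permit entries."""
    acls = {}
    for line in config.splitlines():
        t = line.split()
        if len(t) < 6 or t[0] != "access-list" or t[3] != "permit":
            continue
        args = t[4:]
        if t[2] == "standard" and len(args) == 2:
            entry = (net(*args), None)
        elif t[2] == "extended" and len(args) == 5 and args[0] == "ip":
            entry = (net(args[1], args[2]), net(args[3], args[4]))
        else:
            continue  # object-group, name, host and any forms are not parsed
        acls.setdefault(t[1], []).append(entry)
    return acls


def uncovered(plants, entries, pool=None):
    """Plant networks no permit entry fully covers (toward pool, if given)."""
    pool_net = ipaddress.ip_network(pool) if pool else None
    missing = []
    for plant in map(ipaddress.ip_network, plants):
        if not any(plant.subnet_of(src) and
                   (pool_net is None or (dst is not None and pool_net.subnet_of(dst)))
                   for src, dst in entries):
            missing.append(str(plant))
    return missing


if __name__ == "__main__":
    acls = parse_acls(SAMPLE_CONFIG)
    print("missing from NAT exemption:", uncovered(PLANTS, acls["NONAT"], POOL))
    print("missing from split tunnel: ", uncovered(PLANTS, acls["SPLIT"]))
```

A plant network listed as missing from the NAT exemption would be translated on its way to the VPN pool; one missing from the split tunnel ACL is never sent into the tunnel by the client.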