Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

PIX Config Snag

Ok, so we've successfully setup VPN with our PIX, and we even have it authenticating to an Active Directory server via IAS. All works perfectly, except once the client is connect, it cannot see anything on the internal network. We try to browse network shares by name or IP address and neither work. I've posted the code for your perusal. We've removed the public IP's and passwords, and some conduits that do not affect this.

Any help is greatly appreciated.

Thanks!

-Mike

4 REPLIES
Hall of Fame Super Blue

Re: PIX Config Snag

Hi Mike

Try adding this to your config and see if it works

"isakmp nat-traversal"

HTH

Jon

Community Member

Re: PIX Config Snag

hello.

I assume your routing 10.12.15.0/24 to your firewall!?

sysopt connection permit-pptp

My two cents

Community Member

Re: PIX Config Snag

Hi,

There is no commands for defining 'phase-2' parameters of VPN.

Put up 'phase-2' parameters with 'crypto map' command and apply the 'crypto map' to outside interface of the PIX device.

I guess, you have configured the pix for remote access vpn. Usually this will be configured in following steps :

1. Define phase-1 , phase-2 parameters

2. Define group policy

3. Associate group policy to tunnel group

Plz refer the below mention link which speaks about configuring remote access vpn on ASA devices. (This can be used for configuring PIX)

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008060f25c.shtml

--Jaffer

Community Member

Re: PIX Config Snag

Thanks for all the replies.

The actual issue was the fact that we are using 10.12.x.x in our real network. I didn't know that you had to give VPN clients IP addresses that you aren't already internally routing. I gave them a 192.168.50.x subnet, and all is well.

Also, had to do a little bit of split tunnelling , which wasn't too bad.

123
Views
0
Helpful
4
Replies
CreatePlease to create content