All, I am trying to set up a very basic VPN solution with my PIX 515 version 6.3 at home. As of right now I can successfully connect from the client and can pass traffic through the VPN to inside hosts (i.e. ping), and the hosts respond (both directions verified using "debug ip trace" on the PIX), but the remote client isn't receiving the return traffic (verified using Wireshark on the client). The hosts on the internal network all see the MAC address for my remote client's VPN-obtained IP as the MAC of the inside interface of the PIX itself (makes sense).
My setup right now is VERY basic - one network on the outside interface of the PIX where my client is, and one network on the inside where my home network is. I will add routing to outside stuff later once I get basic VPN connectivity established.
My subnets are as follows:
Outside - 192.168.1.0/24
Inside - 192.168.10.0/24
I know I am probably missing something very simple, but I am having issues finding it. Any assistance would be greatly appreciated. Below is my complete config.
Thanks in advance.
PIX Version 6.3(4)
interface ethernet0 100full
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
access-list 101 permit ip 192.168.10.0 255.255.255.0 192.168.10.0 255.255.255.0
pager lines 24
logging buffered debugging
mtu outside 1500
mtu inside 1500
ip address outside 192.168.1.1 255.255.255.0
ip address inside 192.168.10.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool vpnpool1 192.168.10.100-192.168.10.150
I figured out what I was doing wrong, but I am not 100% sure what the issue is. I had the VPN DHCP pool on the same subnet as the inside interface of the PIX (not a separate subnet). Once I changed the subnet to something different (same as the configuration guide) and added static routes on the hosts to the VPN-DHCP pool via the inside interface of the PIX, everything worked.
Is it not possible to have VPN clients on the same subnet as hosts and the inside PIX interface? Quick disclaimer, I am an R&S guy
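The condition the poster tracked down, a VPN address pool carved out of the same subnet as a PIX interface, can be checked mechanically in a saved config. The following is an added example, not part of the original thread; the function names are hypothetical, and it assumes the `ip address <if> <ip> <mask>` and `ip local pool <name> <start>[-<end>]` line forms shown in the posted config.

```python
import ipaddress
import re

# Constructed sample: the relevant lines from the config posted above.
SAMPLE_CONFIG = """\
ip address outside 192.168.1.1 255.255.255.0
ip address inside 192.168.10.1 255.255.255.0
ip local pool vpnpool1 192.168.10.100-192.168.10.150
"""

IFACE_RE = re.compile(r"^ip address (\S+) (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)\s*$")
POOL_RE = re.compile(r"^ip local pool (\S+) (\d+\.\d+\.\d+\.\d+)(?:-(\d+\.\d+\.\d+\.\d+))?")


def parse_config(text):
    """Return ({interface: network}, {pool: (first, last)}) from PIX 6.x config text."""
    nets, pools = {}, {}
    for line in text.splitlines():
        line = line.strip()
        m = IFACE_RE.match(line)
        if m:
            name, addr, mask = m.groups()
            nets[name] = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            continue
        m = POOL_RE.match(line)
        if m:
            name, first, last = m.groups()
            first = ipaddress.ip_address(first)
            last = ipaddress.ip_address(last) if last else first
            if last < first:
                raise ValueError(f"pool {name}: range end precedes start")
            pools[name] = (first, last)
    return nets, pools


def pool_overlaps(text):
    """List (pool, interface, network) where any pool address falls in an interface subnet."""
    nets, pools = parse_config(text)
    hits = []
    for pool, (first, last) in sorted(pools.items()):
        for iface, net in sorted(nets.items()):
            # Two ranges intersect when each starts before the other ends.
            if first <= net.broadcast_address and last >= net.network_address:
                hits.append((pool, iface, str(net)))
    return hits


if __name__ == "__main__":
    for pool, iface, net in pool_overlaps(SAMPLE_CONFIG):
        print(f"pool {pool} overlaps {iface} subnet {net}")
```

Interface lines that do not carry a static address and mask are skipped, so only statically addressed interfaces are compared against the pools.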