PPTP VPN client can make connection but can't see network resources
I am using a PIX 501 firewall as a PPTP VPN endpoint. There is a Cisco 2611 router behind the PIX on the inside which acts as the default gateway for the end users.
We can establish a good PPTP VPN connection to the PIX but cannot access any of the resources LAN (Behind the router). The router is pretty simple and does NOT perform NAT. I can ping any of the resources from the PIX through the router to the LAN but not with a PPTP VPN connection.
I could really use anyone's help to get this resolved.
Re: PPTP VPN client can make connection but can't see network re
Thanks for your reply. The configuration below, and the pptp vpn, works great when the inside interface is directly connected to the LAN switch. when it is placed in front of a cisco router (that performs no NAT by the way) users connected via vpn can't see the internal network. The static command does work however.
Thank you for your help.
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
access-list uvp permit gre any any
access-list uvp permit tcp any host 188.8.131.52 eq 3389
access-list inside_outbound_nat0_acl permit ip any 172.16.1.64 255.255.255.192
pager lines 24
logging buffered debugging
mtu outside 1500
mtu inside 1500
ip address outside 65.x.x.11 255.255.255.248
ip address inside 172.16.1.2 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool VPN_DHCP 172.16.1.80-172.16.1.99
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
global (outside) 2 10.65.24.121 netmask 255.255.255.248
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...