Cisco Support Community
Community Member

Remote access VPN client for PIX

Hi,

Have configured two separate remote access groups on PIX to access both networks separately from outside region via internet (one for inside network, one for DMZ network). I am able to form a secured tunnel with both groups using Cisco VPN Client installed on desktop. But problem is after connecting I can access only my inside network. Even if I connect using a group for DMZ region I cannot access network on DMZ region (my desktop gets IP address assigned properly from exact pool for DMZ).

Is it so that only one remote access can be given? Is it possible to access DMZ region network via Cisco VPN Client on desktops, just like I can access internal network?

3 REPLIES
Gold

Re: Remote access VPN client for PIX

no doubt that this scenario is feasible.

below are the sample codes:

access-list no_nat_inside permit ip 192.168.1.0 255.255.255.0 10.1.1.0 255.255.255.0

access-list 120 permit ip 192.168.1.0 255.255.255.0 10.1.1.0 255.255.255.0

access-list no_nat_dmz permit ip 192.168.2.0 255.255.255.0 10.2.2.0 255.255.255.0

access-list 130 permit ip 192.168.2.0 255.255.255.0 10.2.2.0 255.255.255.0

nat (inside) 0 access-list no_nat_inside

nat (dmz) 0 access-list no_nat_dmz

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

isakmp identity address

isakmp nat-traversal 20

crypto ipsec transform-set vpnset esp-3des esp-md5-hmac

ip local pool ippool_inside 10.1.1.11-10.1.1.21

ip local pool ippool_dmz 10.2.2.11-10.2.2.21

vpngroup vpnclient_inside address-pool ippool_inside

vpngroup vpnclient_inside idle-time 1800

vpngroup vpnclient_inside dns-server 139.130.4.4

vpngroup vpnclient_inside password cisco456

vpngroup vpnclient_inside split-tunnel 120

vpngroup vpnclient_dmz address-pool ippool_dmz

vpngroup vpnclient_dmz idle-time 1800

vpngroup vpnclient_dmz dns-server 139.130.4.4

vpngroup vpnclient_dmz password cisco789

vpngroup vpnclient_dmz split-tunnel 130

crypto dynamic-map dynmap 10 set transform-set vpnset

crypto map remote_vpn 20 ipsec-isakmp dynamic dynmap

username xxxx password xxxx

aaa-server LOCAL protocol local

crypto map remote_vpn client authentication LOCAL

crypto map remote_vpn client configuration address initiate

crypto map remote_vpn client configuration address respond

if further assistance is needed, please post the entire config with public ip masked.
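
An added example, not part of the reply above and not Cisco tooling: a Python check that every `vpngroup` in a PIX configuration like this one has its address pool covered by both its split-tunnel ACL and a `nat 0` exemption ACL. The function names are hypothetical, only the single-line `permit ip <net> <mask> <net> <mask>` ACL form used in the reply is parsed, and the check does not track which interface each `nat 0` statement is bound to.

```python
import ipaddress

# Constructed input: the ACL, NAT, pool and vpngroup lines from the reply above.
SAMPLE = """\
access-list no_nat_inside permit ip 192.168.1.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list 120 permit ip 192.168.1.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list no_nat_dmz permit ip 192.168.2.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list 130 permit ip 192.168.2.0 255.255.255.0 10.2.2.0 255.255.255.0
nat (inside) 0 access-list no_nat_inside
nat (dmz) 0 access-list no_nat_dmz
ip local pool ippool_inside 10.1.1.11-10.1.1.21
ip local pool ippool_dmz 10.2.2.11-10.2.2.21
vpngroup vpnclient_inside address-pool ippool_inside
vpngroup vpnclient_inside split-tunnel 120
vpngroup vpnclient_dmz address-pool ippool_dmz
vpngroup vpnclient_dmz split-tunnel 130
"""

def parse(config):
    """Collect ACL (src, dst) pairs, nat 0 ACL names, pool ranges and vpngroup options."""
    acls, nat0, pools, groups = {}, set(), {}, {}
    for w in (line.split() for line in config.splitlines()):
        if len(w) == 8 and w[0] == "access-list" and w[2:4] == ["permit", "ip"]:
            pair = tuple(ipaddress.ip_network(f"{w[i]}/{w[i + 1]}") for i in (4, 6))
            acls.setdefault(w[1], []).append(pair)
        elif len(w) == 5 and w[0] == "nat" and w[2:4] == ["0", "access-list"]:
            nat0.add(w[4])
        elif len(w) == 5 and w[:3] == ["ip", "local", "pool"]:
            pools[w[3]] = tuple(ipaddress.ip_address(a) for a in w[4].split("-"))
        elif len(w) == 4 and w[0] == "vpngroup":
            groups.setdefault(w[1], {})[w[2]] = w[3]
    return acls, nat0, pools, groups

def audit(config):
    """Return findings for vpngroups whose pool lacks a split-tunnel or nat 0 match."""
    acls, nat0, pools, groups = parse(config)
    findings = []
    for name, opts in sorted(groups.items()):
        lo, hi = pools.get(opts.get("address-pool"), (None, None))
        def local_nets(acl):  # local networks that an ACL pairs with this group's pool
            return {s for s, d in acls.get(acl, []) if lo is not None and lo in d and hi in d}
        tunnelled = local_nets(opts.get("split-tunnel"))
        exempt = set().union(*(local_nets(a) for a in nat0))
        if not tunnelled:
            findings.append(f"{name}: split-tunnel ACL does not cover the pool")
        findings += [f"{name}: {n} lacks nat 0 toward the pool" for n in sorted(tunnelled - exempt)]
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE) or "consistent")
```

An empty result means each group's pool appears as the destination of both its split-tunnel ACL and a NAT exemption ACL; it does not validate routing or interface ACLs.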

Community Member

Re: Remote access VPN client for PIX

Thanks.

Solved my problem by using totally different networks without subnetting.

Thanks once again.

Gold

Re: Remote access VPN client for PIX

it's good to learn that your issue has been resolved.

according to cisco:

Why should I rate posts?

If you see a post that you think deserves recognition, please take a moment to rate it.

You'll be helping yourself and others to quickly identify useful content -- as determined by members. And you'll be ensuring that people who generously share their expertise are properly acknowledged. As posts are rated, the value of those ratings are accumulated as "points" and summarized on the Member Profile page and on each member's Preferences page.
