Cisco Support Community
Community Member

Remote access VPN client for PIX


I have configured two separate remote access groups on the PIX to access both networks separately from an outside region via the internet (one for the inside network, one for the DMZ network). I am able to form a secured tunnel with both groups using the Cisco VPN Client installed on a desktop. But the problem is that after connecting I can access only my inside network. Even if I connect using the group for the DMZ region, I cannot access the network in the DMZ region (my desktop gets an IP address assigned properly from the exact pool for the DMZ).

Is it so that only one remote access can be given? Is it possible to access the DMZ region network via the Cisco VPN Client on desktops, just like I can access the internal network?


Re: Remote access VPN client for PIX

No doubt that this scenario is feasible.

Below is the sample code:

access-list no_nat_inside permit ip

access-list 120 permit ip

access-list no_nat_dmz permit ip

access-list 130 permit ip

nat (inside) 0 access-list no_nat_inside

nat (dmz) 0 access-list no_nat_dmz

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

isakmp identity address

isakmp nat-traversal 20

crypto ipsec transform-set vpnset esp-3des esp-md5-hmac

ip local pool ippool_inside

ip local pool ippool_dmz

vpngroup vpnclient_inside address-pool ippool_inside

vpngroup vpnclient_inside idle-time 1800

vpngroup vpnclient_inside dns-server

vpngroup vpnclient_inside password cisco456

vpngroup vpnclient_inside split-tunnel 120

vpngroup vpnclient_dmz address-pool ippool_dmz

vpngroup vpnclient_dmz idle-time 1800

vpngroup vpnclient_dmz dns-server

vpngroup vpnclient_dmz password cisco789

vpngroup vpnclient_dmz split-tunnel 130

crypto dynamic-map dynmap 10 set transform-set vpnset

crypto map remote_vpn 20 ipsec-isakmp dynamic dynmap

username xxxx password xxxx

aaa-server LOCAL protocol local

crypto map remote_vpn client authentication LOCAL

crypto map remote_vpn client configuration address initiate

crypto map remote_vpn client configuration address respond

If further assistance is needed, please post the entire config with the public IP masked.

Community Member

Re: Remote access VPN client for PIX

Thanks.

Solved my problem by using totally different networks without sub-netting.

Thanks once again.
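One way to check a PIX 6.x config for the addressing problem this reply reports fixing, as an added example that is not part of any post in this thread. It reads the `ip address` and `ip local pool` lines and reports ranges that collide. The addresses are constructed, and treating a pool that shares a classful network with another range as a conflict is an assumed reading of "totally different networks without sub-netting".

```python
import ipaddress
import re
from itertools import combinations

# Constructed sample (PIX 6.x syntax); every address here is invented.
BEFORE = """\
ip address inside 10.1.1.1 255.255.255.0
ip address dmz 172.16.5.1 255.255.255.0
ip local pool ippool_inside 192.168.10.1-192.168.10.100
ip local pool ippool_dmz 192.168.10.129-192.168.10.200
"""
# Same sample with the DMZ pool moved to a network of its own.
AFTER = BEFORE.replace("192.168.10.129-192.168.10.200", "192.168.20.1-192.168.20.100")

def classful_net(ip):
    """Class A/B/C network that contains ip."""
    first_octet = int(ip) >> 24
    prefix = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def parse_ranges(config):
    """Map 'interface <name>' / 'pool <name>' to its (first, last) address."""
    ranges = {}
    for line in map(str.strip, config.splitlines()):
        m = re.match(r"ip address (\S+) ([\d.]+) ([\d.]+)$", line)
        if m:
            net = ipaddress.ip_network(f"{m[2]}/{m[3]}", strict=False)
            ranges[f"interface {m[1]}"] = (net[0], net[-1])
        m = re.match(r"ip local pool (\S+) ([\d.]+)-([\d.]+)", line)
        if m:
            ranges[f"pool {m[1]}"] = (ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3]))
    return ranges

def find_conflicts(config):
    """Return (kind, a, b) for each pair of ranges that collides."""
    conflicts = []
    for (a, (a_lo, a_hi)), (b, (b_lo, b_hi)) in combinations(sorted(parse_ranges(config).items()), 2):
        if a_lo <= b_hi and b_lo <= a_hi:
            conflicts.append(("overlap", a, b))
        # Assumed rule: a pool should not share a classful network with another range.
        elif "pool" in (a.split()[0], b.split()[0]) and classful_net(a_lo) == classful_net(b_lo):
            conflicts.append(("same-classful-network", a, b))
    return conflicts

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, find_conflicts(cfg) or "no conflicts")
```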


Re: Remote access VPN client for PIX

It's good to learn that your issue has been resolved.

According to Cisco:

Why should I rate posts?

If you see a post that you think deserves recognition, please take a moment to rate it.

You'll be helping yourself and others to quickly identify useful content -- as determined by members. And you'll be ensuring that people who generously share their expertise are properly acknowledged. As posts are rated, the value of those ratings are accumulated as "points" and summarized on the Member Profile page and on each member's Preferences page.
