I am setting up a remote VPN connection for some of my users to connect to our shared servers from home. The internal network on the trusted side of the firewall is 10.0.6.0/24. When I set up the remote VPN to give VPN users IP addresses from this range, everything works fine. However, I want to have remote VPN users on a separate range because I anticipate a large number of remote users in the future.
When I set the remote VPN IP pool to a range, say 10.0.10.0/24, I can connect to the VPN but I cannot access the servers behind the firewall. I tried to add a policy for those users using ASDM but it still does not work.
1. Do your internal network(s) know where to route the packets destined for 10.0.10.0/24? Since the pool of IP addresses is being assigned by the PIX to the VPN remote users, make sure that your internal routing routes the packets to the PIX for the 10.0.10.0/24 network.
2. Do you have any access list applied on the inside interface of the PIX? If yes, do allow traffic from your internal network to talk to 10.0.10.0/24.
3. If you are doing NAT/PAT on the PIX, make sure that NAT is bypassed for traffic sourced from your internal network and destined to 10.0.10.0/24. You can use NAT 0 to bypass NAT.
Please check the above and let me know if it works.
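One way to check point 3 of the reply above against a saved running-config, as an added example that is not from the thread. It assumes PIX 7.x-style `nat (inside) 0 access-list` syntax; the config excerpt, the pool name `vpnpool` and the ACL name `nonat` are constructed for illustration.

```python
import ipaddress
import re

# Constructed running-config excerpt (assumed PIX 7.x syntax, hypothetical names).
SAMPLE_CONFIG = """\
ip local pool vpnpool 10.0.10.1-10.0.10.254 mask 255.255.255.0
access-list nonat extended permit ip 10.0.6.0 255.255.255.0 10.0.10.0 255.255.255.0
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"


def nat_exempt_pairs(config, interface="inside"):
    """Return (source, destination) networks that bypass NAT on `interface`.

    Only 'permit ip <addr> <mask> <addr> <mask>' entries are parsed;
    entries using 'any', 'host' or object groups are ignored.
    """
    acl_names = re.findall(
        rf"^nat \({re.escape(interface)}\) 0 access-list (\S+)", config, re.M
    )
    pairs = []
    for name in acl_names:
        entry = (
            rf"^access-list {re.escape(name)} (?:extended )?permit ip "
            rf"{IP} {IP} {IP} {IP}"
        )
        for src, src_mask, dst, dst_mask in re.findall(entry, config, re.M):
            pairs.append((
                ipaddress.ip_network(f"{src}/{src_mask}", strict=False),
                ipaddress.ip_network(f"{dst}/{dst_mask}", strict=False),
            ))
    return pairs


def pool_is_exempt(config, inside_cidr, pool_cidr, interface="inside"):
    """True if inside -> VPN pool traffic is covered by a NAT 0 access list."""
    inside = ipaddress.ip_network(inside_cidr)
    pool = ipaddress.ip_network(pool_cidr)
    return any(
        inside.subnet_of(src) and pool.subnet_of(dst)
        for src, dst in nat_exempt_pairs(config, interface)
    )
```

A `False` result for the inside network and the new pool means replies from the servers are still being translated before they reach the tunnel, which matches the "connected but cannot reach anything" symptom.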
Hey, I tried to do what you suggested and I still cannot connect through the VPN. Well, I can connect but I cannot access anything behind the firewall. Do you know of anywhere I can find a walkthrough to help me with this?