site to site pix and vpn client

pixypoo76
Level 1

Greetings all,

I need some help going through this configuration. From my previous post: I would like the headquarters PIX 515 configured so that it can accept Cisco VPN clients and at the same time do L2L with a remote office. I tested the VPN client and it does not accept a username from Windows Active Directory, but it will accept a local username within the PIX. My L2L does not work. Please review the config in the attachment and see if you find something wrong.

Thank you very much!

5 Replies

Vikas Saxena
Cisco Employee

Hello,

The PIX code 6.3.5 will not talk to Active Directory. You must install an MS IAS server (RADIUS) so that the VPN clients talk to IAS, and then IAS will talk to AD.

On the Cisco site, look for 'ipsec configuration examples' and you will find a page full of IPsec configuration examples for every Cisco device (well, nearly); you will also find the configuration of IAS to talk to the PIX.

Support for AD is in 7.X code.

Vikas

Hello,

Could you post the debugs also?

Vikas

Hi Vikas,

Thank you for your response. My 515E PIX has version 7.1.2. It is the PIX that is acting as the concentrator, or endpoint, for the Cisco VPN clients. I configured it to use RADIUS and it is pointed at a Windows 2000 RADIUS server (IAS). Previously, when I set up the VPN client using ASDM, it worked fine, but the configuration did not seem very clean. By the way, my L2L is up and working. The reason it was not working was that the remote office had turned off the computer. Right now, I am still having a problem with the client VPN. I configured a local VPN user and I can VPN in, but I cannot access any resources. Not sure if it has anything to do with my IP pool or the access list. Also, I have attached the debug. Level 1-255 debug? I turned on level 7.

Thanks

Update.

After I added these commands, I can authenticate against the IAS RADIUS server.

tunnel-group IDSDYNAMICMAP general-attributes
address-pool VPNclient
authentication-server-group IDSDC02

But the problem is still this: I can't access anything inside while the VPN tunnel is established. The error ASDM reported is:

no translation group found for tcp src outside:192.168.0.1/1817 des inside 192.168.100.10

Updating on this problem.

Since this PIX is version 7, it has the Cisco router IOS commands. So, the problem is the access-list IP address subnet mask. For example:

My IP local pool for remote VPN clients:

ip local pool VPNclient 172.16.0.10-172.16.0.15 mask 255.255.0.0

In PIX version 6, I can type:

access-list noNAT_inside extended permit ip any 172.16.0.0 255.255.0.0

In PIX version 7, I typed the above and my VPN client would not connect to my internal network.

So, I modified it to:

access-list noNAT_inside extended permit ip any 172.16.0.8 255.255.255.248

For a subnetting review: taking 254-248 gives me 6 IP addresses, since in my IP pool I defined 172.16.0.10 to .15.

Hope this helps.
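A small checker for the pool/ACL mismatch discussed in the last post, added here as an example and not code from the thread: it expands an `ip local pool` range, reports which pool addresses a NAT-exemption ACL entry (address plus netmask, PIX style) fails to match, and computes the tightest single block that still covers the whole pool, which for 172.16.0.10-.15 is the 172.16.0.8 255.255.255.248 entry that worked. The pool and ACL values are taken from the thread; the function names are my own.

```python
import ipaddress

# Values from the thread: the remote-access pool and the NAT-exemption entry that worked.
POOL_START, POOL_END = "172.16.0.10", "172.16.0.15"
ACL_FIXED = ("172.16.0.8", "255.255.255.248")


def pool_addresses(start, end):
    """Expand an 'ip local pool START-END' range into individual host addresses."""
    first = int(ipaddress.IPv4Address(start))
    last = int(ipaddress.IPv4Address(end))
    return [ipaddress.IPv4Address(i) for i in range(first, last + 1)]


def acl_network(address, netmask):
    """Turn a PIX 'address netmask' ACL pair into a network (strict=False tolerates host bits)."""
    return ipaddress.IPv4Network(f"{address}/{netmask}", strict=False)


def pool_uncovered(start, end, acl_addr, acl_mask):
    """Pool addresses the ACL entry does NOT match; an empty list means full coverage."""
    net = acl_network(acl_addr, acl_mask)
    return [str(a) for a in pool_addresses(start, end) if a not in net]


def smallest_single_block(start, end):
    """Tightest single CIDR block containing the whole pool: (network, netmask, size).

    Widening from /32 stops at the first prefix whose block holds both ends,
    so the exemption matches no more address space than the pool needs."""
    first = ipaddress.IPv4Address(start)
    last = ipaddress.IPv4Address(end)
    for prefix in range(32, -1, -1):
        net = ipaddress.IPv4Network(f"{first}/{prefix}", strict=False)
        if last in net:
            return str(net), str(net.netmask), net.num_addresses


def minimal_covering_blocks(start, end):
    """Exact cover of the pool with the fewest CIDR blocks (for multi-entry ACLs)."""
    return [str(n) for n in ipaddress.summarize_address_range(
        ipaddress.IPv4Address(start), ipaddress.IPv4Address(end))]


if __name__ == "__main__":
    print("uncovered by fixed entry:", pool_uncovered(POOL_START, POOL_END, *ACL_FIXED))
    print("tightest single block:", smallest_single_block(POOL_START, POOL_END))
    print("exact cover:", minimal_covering_blocks(POOL_START, POOL_END))
```

The check only verifies address coverage of the ACL entry; it says nothing about the other reasons a NAT-exemption rule might not apply to a tunnel.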