Cisco Support Community
Community Member

VPN design

I'm trying to set up a VPN server in an existing LAN and am having some problems.

Let's assume that my network is and they are all public IPs

but has a firewall at

and two other existing subnets behind firewall that I have physical access to.

they are and

Yes, we use public IPs behind firewall as well.

they both are connected to firewall via and

I'm testing a separate VPN server (PIX 525 v8.03) with the following config, and this one is used for client VPN only.



default gateway

VPN IP pool is

Users from home can connect and get an IP address from the VPN pool but can't access anything other than

Can't get to the internet or any other subnet.

I have allowed everything to go through the firewall, but something is still blocking.

Any ideas?

I have tried to use a private IP for inside like with the same result.

One strange thing is:

On one client machine the default gateway is the same as the assigned IP.

On another client machine the default gateway is normal, like

But they both show the same behavior of not being able to connect outside of their own assigned subnet.

Community Member

Re: VPN design

For this network, the best idea is to have clients remote into a terminal server and then they can get to the internet. This is very secure although it is a hassle.

Are you using a proxy server for internet connection? Try pointing the clients to the proxy.

Split-tunneling? Split-tunneling allows users to VPN and use the internet, but is not as secure.

Community Member

Re: VPN design

If you test your connection from your DMZ, can you see your DNS server? Try nslookup.

As far as subnets, you need to add static routes for the users to get to different subnets.

Can you post your configuration?
