https://community.cisco.com/t5/network-security/pix-vpn-access-routing-issue/m-p/437230#M1055552 <P>Hello</P><P></P><P>I currently have my pix515 (v.7x) acting as a vpn server. My client is on a cable connection behind it's own router/firewall.</P><P></P><P>The client can connect to the PIX vpn server just fine. It gets it's address from a pool on the pix. Once connected the client can connect to any server side (inside the pix) host/IP. It can ping everything server side as well.</P><P></P><P>My problem is, nothing on the server side (inside the pix) can ping or access any client host/resource. I don't understand cause I can connect to my pix vpn via a dial up connection, not behind any kind of router or firewall, and I can ping that host from inside the pix.</P><P></P><P>Is this a routing issue or an access issue? I'm pretty new to split tunneling, but I'm almost positive i've got that setup correctly cause everything works but Server-to-client communications..</P><P></P><P>Any advice is greatly appreciated!!</P><P> -scott</P> Fri, 21 Feb 2020 08:35:35 GMT snooter 2020-02-21T08:35:35Z https://community.cisco.com/t5/network-security/pix-vpn-access-routing-issue/m-p/437230#M1055552 <P>Hello</P><P></P><P>I currently have my pix515 (v.7x) acting as a vpn server. My client is on a cable connection behind it's own router/firewall.</P><P></P><P>The client can connect to the PIX vpn server just fine. It gets it's address from a pool on the pix. Once connected the client can connect to any server side (inside the pix) host/IP. It can ping everything server side as well.</P><P></P><P>My problem is, nothing on the server side (inside the pix) can ping or access any client host/resource. I don't understand cause I can connect to my pix vpn via a dial up connection, not behind any kind of router or firewall, and I can ping that host from inside the pix.</P><P></P><P>Is this a routing issue or an access issue? I'm pretty new to split tunneling, but I'm almost positive i've got that setup correctly cause everything works but Server-to-client communications..</P><P></P><P>Any advice is greatly appreciated!!</P><P> -scott</P> Fri, 21 Feb 2020 08:35:35 GMT https://community.cisco.com/t5/network-security/pix-vpn-access-routing-issue/m-p/437230#M1055552 snooter 2020-02-21T08:35:35Z https://community.cisco.com/t5/network-security/pix-vpn-access-routing-issue/m-p/437231#M1055554 <HTML><HEAD></HEAD><BODY><P>Hi</P><P></P><P>Can you check whether you have windows firewall enabled in ur host which is using VPN client to get connected to the central location ??</P><P></P><P>regds</P><P></P></BODY></HTML> Wed, 14 Dec 2005 09:52:33 GMT https://community.cisco.com/t5/network-security/pix-vpn-access-routing-issue/m-p/437231#M1055554 spremkumar 2005-12-14T09:52:33Z https://community.cisco.com/t5/network-security/pix-vpn-access-routing-issue/m-p/437232#M1055560 <HTML><HEAD></HEAD><BODY><P>Windows Firewall is disabled on both ends.</P></BODY></HTML> Wed, 14 Dec 2005 14:07:20 GMT https://community.cisco.com/t5/network-security/pix-vpn-access-routing-issue/m-p/437232#M1055560 snooter 2005-12-14T14:07:20Z https://community.cisco.com/t5/network-security/pix-vpn-access-routing-issue/m-p/437233#M1055563 <HTML><HEAD></HEAD><BODY><P>Reminds me of a NAT traversal problem but you said client to server communications work OK.</P><P>Not familiar with v7 yet but I had to add "isakmp nat-traversal 20" to my config to allow access from behind a firewall.</P><P></P><P>Can you post a scrubbed config for a look-see?</P></BODY></HTML> Thu, 15 Dec 2005 04:52:51 GMT https://community.cisco.com/t5/network-security/pix-vpn-access-routing-issue/m-p/437233#M1055563 kevinglong 2005-12-15T04:52:51Z https://community.cisco.com/t5/network-security/pix-vpn-access-routing-issue/m-p/437234#M1055568 <HTML><HEAD></HEAD><BODY><P>Kevin, that did it! adding the "isakmp nat-traversal 20" free'd it right up. How hard would it be for cisco to put that in the documentation??? I probably went through 30 different pages pertaining to this in cisco kb, not once did I see this command mentioned.</P><P></P><P></P><P> thanks man!</P></BODY></HTML> Thu, 15 Dec 2005 14:55:47 GMT https://community.cisco.com/t5/network-security/pix-vpn-access-routing-issue/m-p/437234#M1055568 snooter 2005-12-15T14:55:47Z https://community.cisco.com/t5/network-security/pix-vpn-access-routing-issue/m-p/437235#M1055571 <HTML><HEAD></HEAD><BODY><P>I suffered with the inability to tunnel back to the house for months from the office with my PIX501. Finally found the command via Google so it sticks in my mind.</P><P>The command is listed in the docs but my fresh CCNA certificate at the time didn't help me one bit as I didn't know exactly what the problem was nor where to look. Wish it was on by default.</P><P></P><P>Glad I could help.</P><P></P><P>Kevin L</P></BODY></HTML> Thu, 15 Dec 2005 22:02:10 GMT https://community.cisco.com/t5/network-security/pix-vpn-access-routing-issue/m-p/437235#M1055571 kevinglong 2005-12-15T22:02:10Z