https://community.cisco.com/t5/network-security/problem-with-vpn-client/m-p/899523#M959856 <HTML><HEAD></HEAD><BODY><P>add the following in respective order</P><P></P><P>global (outside) 1 interface</P><P>object-group network Clients</P><P>network-object 172.16.2.1 255.255.255.255</P><P>network-object 172.16.2.2 255.255.255.255</P><P>network-object 172.16.2.3 255.255.255.255</P><P>network-object 172.16.2.4 255.255.255.255</P><P>network-object 172.16.2.5 255.255.255.255</P><P>network-object 172.16.2.6 255.255.255.255</P><P>network-object 172.16.2.7 255.255.255.255</P><P>network-object 172.16.2.8 255.255.255.255</P><P>network-object 172.16.2.9 255.255.255.255</P><P>network-object 172.16.2.10 255.255.255.255</P><P>network-object 172.16.2.11 255.255.255.255</P><P>network-object 172.16.2.12 255.255.255.255</P><P>network-object 172.16.2.13 255.255.255.255</P><P>network-object 172.16.2.14 255.255.255.255</P><P>network-object 172.16.2.15 255.255.255.255</P><P>network-object 172.16.2.16 255.255.255.255</P><P>network-object 172.16.2.17 255.255.255.255</P><P>network-object 172.16.2.18 255.255.255.255</P><P>network-object 172.16.2.19 255.255.255.255</P><P>network-object 172.16.2.20 255.255.255.255</P><P>network-object 172.16.2.21 255.255.255.255</P><P>q</P><P>access-list no_nat permit ip 10.0.0.0 255.255.255.0 object-group Clients</P><P></P><P>After that, client will be able to reach inside network, but they will lose their local connectivity. To avoid this, add the following</P><P></P><P>access-list split_T permit ip 10.0.0.0 255.255.255.0 object-group Clients</P><P></P><P>vpngroup nikas split-tunnel split_T</P><P>vpngroup nikas1 split-tunnel split_T</P><P>vpngroup nikas2 split-tunnel split_T</P><P>vpngroup nikas3 split-tunnel split_T</P><P>vpngroup nikas4 split-tunnel split_T</P><P>vpngroup nikas5 split-tunnel split_T</P><P>vpngroup nikas6 split-tunnel split_T</P><P>vpngroup nikas7 split-tunnel split_T</P><P>vpngroup nikas8 split-tunnel split_T</P><P>vpngroup nikas9 split-tunnel split_T</P><P>vpngroup nikas10 split-tunnel split_T</P><P>vpngroup nikas11 split-tunnel split_T</P><P>vpngroup nikas12 split-tunnel split_T</P><P>vpngroup nikas13 split-tunnel split_T</P><P>vpngroup nikas14 split-tunnel split_T</P><P>vpngroup nikas15 split-tunnel split_T</P><P>vpngroup nikas16 split-tunnel split_T</P><P>vpngroup nikas17 split-tunnel split_T</P><P>vpngroup nikas18 split-tunnel split_T</P><P>vpngroup nikas19 split-tunnel split_T</P><P></P><P></P><P></P></BODY></HTML> Wed, 28 Nov 2007 12:12:17 GMT Alan Huseyin Kayahan 2007-11-28T12:12:17Z https://community.cisco.com/t5/network-security/problem-with-vpn-client/m-p/899520#M959853 <P>Hello everyone</P><P></P><P>Please give me some help with the following.</P><P></P><P>I'm trying to connect with a VPN Client which is behind a Checkpoint F/W to a CiscoPIX 515. Although the connection is established i cannot access the internal network behind the PIX. I configured NAT-T in PIX 515 and open the appropriate tcp/udp ports (500,4500,10000) in chekpoint but i get the following error in the log file of the VPN Client:</P><P></P><P>Cisco Systems VPN Client Version 5.0.00.0340</P><P></P><P>Copyright (C) 1998-2006 Cisco Systems, Inc. All Rights Reserved.</P><P></P><P>Client Type(s): Windows, WinNT</P><P></P><P>Running on: 5.1.2600 Service Pack 2</P><P></P><P> </P><P></P><P>45 16:15:56.593 11/27/07 Sev=Warning/2 CVPND/0xA3400011</P><P></P><P>Error -14 sending packet. Dst Addr: 0xFFFFFFFF, Src Addr: 0xC0A8003B (DRVIFACE:1201).</P><P></P><P> </P><P></P><P>46 16:15:59.312 11/27/07 Sev=Warning/2 CVPND/0xA3400015</P><P></P><P>Error with call to IpHlpApi.DLL: DeleteIpForwardEntry, error 87</P><P></P><P> </P><P></P><P>47 16:15:59.312 11/27/07 Sev=Warning/2 CM/0xA3100025</P><P></P><P>Unable to delete route. Network: c0a800ff, Netmask: ffffffff, Interface: a000096, Gateway: c0a8003b.</P><P></P><P> </P><P></P><P>48 16:15:59.312 11/27/07 Sev=Warning/2 CVPND/0xA3400015</P><P></P><P>Error with call to IpHlpApi.DLL: DeleteIpForwardEntry, error 87</P><P></P><P> </P><P></P><P>49 16:15:59.312 11/27/07 Sev=Warning/2 CM/0xA3100025</P><P></P><P>Unable to delete route. Network: c0a80000, Netmask: ffffff00, Interface: a000096, Gateway: c0a8003b.</P><P></P> Mon, 11 Mar 2019 11:36:07 GMT https://community.cisco.com/t5/network-security/problem-with-vpn-client/m-p/899520#M959853 otenet_cass 2019-03-11T11:36:07Z https://community.cisco.com/t5/network-security/problem-with-vpn-client/m-p/899521#M959854 <HTML><HEAD></HEAD><BODY><P>please post your PIX config, most probably it is a tunneling issue</P></BODY></HTML> Wed, 28 Nov 2007 09:41:34 GMT https://community.cisco.com/t5/network-security/problem-with-vpn-client/m-p/899521#M959854 Alan Huseyin Kayahan 2007-11-28T09:41:34Z https://community.cisco.com/t5/network-security/problem-with-vpn-client/m-p/899522#M959855 <HTML><HEAD></HEAD><BODY><P>Thank you for the reply. Please find attached the PIX config file.</P><P></P><P> </P><P></P></BODY></HTML> Wed, 28 Nov 2007 09:51:01 GMT https://community.cisco.com/t5/network-security/problem-with-vpn-client/m-p/899522#M959855 otenet_cass 2007-11-28T09:51:01Z https://community.cisco.com/t5/network-security/problem-with-vpn-client/m-p/899523#M959856 <HTML><HEAD></HEAD><BODY><P>add the following in respective order</P><P></P><P>global (outside) 1 interface</P><P>object-group network Clients</P><P>network-object 172.16.2.1 255.255.255.255</P><P>network-object 172.16.2.2 255.255.255.255</P><P>network-object 172.16.2.3 255.255.255.255</P><P>network-object 172.16.2.4 255.255.255.255</P><P>network-object 172.16.2.5 255.255.255.255</P><P>network-object 172.16.2.6 255.255.255.255</P><P>network-object 172.16.2.7 255.255.255.255</P><P>network-object 172.16.2.8 255.255.255.255</P><P>network-object 172.16.2.9 255.255.255.255</P><P>network-object 172.16.2.10 255.255.255.255</P><P>network-object 172.16.2.11 255.255.255.255</P><P>network-object 172.16.2.12 255.255.255.255</P><P>network-object 172.16.2.13 255.255.255.255</P><P>network-object 172.16.2.14 255.255.255.255</P><P>network-object 172.16.2.15 255.255.255.255</P><P>network-object 172.16.2.16 255.255.255.255</P><P>network-object 172.16.2.17 255.255.255.255</P><P>network-object 172.16.2.18 255.255.255.255</P><P>network-object 172.16.2.19 255.255.255.255</P><P>network-object 172.16.2.20 255.255.255.255</P><P>network-object 172.16.2.21 255.255.255.255</P><P>q</P><P>access-list no_nat permit ip 10.0.0.0 255.255.255.0 object-group Clients</P><P></P><P>After that, client will be able to reach inside network, but they will lose their local connectivity. To avoid this, add the following</P><P></P><P>access-list split_T permit ip 10.0.0.0 255.255.255.0 object-group Clients</P><P></P><P>vpngroup nikas split-tunnel split_T</P><P>vpngroup nikas1 split-tunnel split_T</P><P>vpngroup nikas2 split-tunnel split_T</P><P>vpngroup nikas3 split-tunnel split_T</P><P>vpngroup nikas4 split-tunnel split_T</P><P>vpngroup nikas5 split-tunnel split_T</P><P>vpngroup nikas6 split-tunnel split_T</P><P>vpngroup nikas7 split-tunnel split_T</P><P>vpngroup nikas8 split-tunnel split_T</P><P>vpngroup nikas9 split-tunnel split_T</P><P>vpngroup nikas10 split-tunnel split_T</P><P>vpngroup nikas11 split-tunnel split_T</P><P>vpngroup nikas12 split-tunnel split_T</P><P>vpngroup nikas13 split-tunnel split_T</P><P>vpngroup nikas14 split-tunnel split_T</P><P>vpngroup nikas15 split-tunnel split_T</P><P>vpngroup nikas16 split-tunnel split_T</P><P>vpngroup nikas17 split-tunnel split_T</P><P>vpngroup nikas18 split-tunnel split_T</P><P>vpngroup nikas19 split-tunnel split_T</P><P></P><P></P><P></P></BODY></HTML> Wed, 28 Nov 2007 12:12:17 GMT https://community.cisco.com/t5/network-security/problem-with-vpn-client/m-p/899523#M959856 Alan Huseyin Kayahan 2007-11-28T12:12:17Z