03-07-2007 01:14 PM - edited 03-11-2019 02:43 AM
I am new to PIX and I would like to set up a connection so I can connect to the PIX over the internet. I have the client software. What basic configuration can I use on the PIX to make this work?
03-07-2007 01:20 PM
Hi,
Try the following document:
HTH,
Please rate the post if it helps,
Regards,
Kamal
03-07-2007 06:30 PM
I was able to set up the client vpn connection but once I have a connection I am not able to connect to any devices on the inside network. The client also gets a default gateway which is the same as the ip address. Is this normal? I am only able to ping the inside interface of the PIX but no other devices in the network. Any help would be greatly appreciated.
Thanks,
L
03-08-2007 04:51 AM
Hi,
Enable "isakmp nat-t" on the PIX.
Hope this helps !!
-Kanishka
03-08-2007 06:56 AM
Hi Kanishka,
I tried this command but it did not help. The host uses its own IP address as the default gateway. Is this normal? How can I change this?
Thanks,
03-08-2007 07:02 AM
If you do not have split tunneling enabled, the client will always have the pool IP as the default gateway. It's normal.
I would like to check the NAT rules on the PIX, if you can post them.
-Kanishka
03-08-2007 07:28 AM
The inside network is 1.1.1.0/24. Below are the ACLs and NAT rules.
ip local pool remotevpn 1.1.1.245-1.1.1.246 mask 255.255.255.252
access-list INSIDE_nat0_outbound extended permit ip any 1.1.1.244 255.255.255.252
global (OUTSIDE) 1 interface
nat (INSIDE) 0 access-list INSIDE_nat0_outbound
nat (INSIDE) 1 1.1.1.0 255.255.255.0
access-list OUTSIDE extended permit ip any any
access-list INSIDE_access_in extended permit ip any any
access-list OUTSIDE_access_in extended permit ip any any
access-group INSIDE_access_in in interface INSIDE
access-group OUTSIDE_access_in in interface OUTSIDE
access-group OUTSIDE out interface OUTSIDE
crypto isakmp nat-traversal 20
Thanks,
L
03-08-2007 08:08 AM
Hi,
It's not recommended to have a pool in the same subnet as the inside network, as it will lead to routing issues.
Change the pool to any other subnet and also make the corresponding changes in the NAT 0 ACL.
Let me know if this helps.
-Kanishka
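The two checks suggested in the reply above (VPN pool outside the inside subnet, NAT 0 ACL matching the pool) can be run against a saved configuration. This is an added example, not part of the original thread or any Cisco tool: the function names, the 192.168.50.0/24 replacement pool and the treatment of `nat` source networks as "inside" networks are assumptions.

```python
import ipaddress

# Constructed sample: the pool, NAT 0 ACL and nat lines as posted in the thread.
POSTED = """\
ip local pool remotevpn 1.1.1.245-1.1.1.246 mask 255.255.255.252
access-list INSIDE_nat0_outbound extended permit ip any 1.1.1.244 255.255.255.252
nat (INSIDE) 0 access-list INSIDE_nat0_outbound
nat (INSIDE) 1 1.1.1.0 255.255.255.0
"""
# Constructed sample: pool moved to a hypothetical 192.168.50.0/24, ACL updated to match.
FIXED = """\
ip local pool remotevpn 192.168.50.1-192.168.50.10 mask 255.255.255.0
access-list INSIDE_nat0_outbound extended permit ip 1.1.1.0 255.255.255.0 192.168.50.0 255.255.255.0
nat (INSIDE) 0 access-list INSIDE_nat0_outbound
nat (INSIDE) 1 1.1.1.0 255.255.255.0
"""

def acl_destination(tokens):
    """Destination of an 'extended permit ip <src> <dst>' entry as a network."""
    if tokens[-1] == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if tokens[-2] == "host":
        return ipaddress.ip_network(tokens[-1] + "/32")
    return ipaddress.ip_network(f"{tokens[-2]}/{tokens[-1]}", strict=False)

def audit(config):
    """Return (pool, problem, detail) tuples for the two issues raised in the thread."""
    pools, inside_nets, nat0_acls, acl_dests = {}, [], set(), {}
    for t in (line.split() for line in config.splitlines()):
        if t[:3] == ["ip", "local", "pool"] and len(t) >= 5:
            first, _, last = t[4].partition("-")
            pools[t[3]] = (ipaddress.ip_address(first), ipaddress.ip_address(last or first))
        elif t[:1] == ["nat"] and len(t) == 5:
            if t[2] == "0" and t[3] == "access-list":
                nat0_acls.add(t[4])          # ACL that exempts traffic from NAT
            elif t[3] != "access-list":
                inside_nets.append(ipaddress.ip_network(f"{t[3]}/{t[4]}", strict=False))
        elif t[:1] == ["access-list"] and t[2:5] == ["extended", "permit", "ip"]:
            acl_dests.setdefault(t[1], []).append(acl_destination(t))
    findings = []
    for name, (first, last) in pools.items():
        for net in inside_nets:
            if first in net or last in net:  # pool shares a subnet with inside hosts
                findings.append((name, "pool-overlaps-inside", str(net)))
        exempt = [d for acl in nat0_acls for d in acl_dests.get(acl, [])]
        if not any(first in d and last in d for d in exempt):
            findings.append((name, "pool-not-in-nat0-acl", f"{first}-{last}"))
    return findings

print(audit(POSTED), audit(FIXED))
```

Changing only the pool without updating the NAT 0 ACL produces the second finding, which is why the reply asks for both changes together.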
03-07-2007 01:21 PM
Hi,
Here's the link:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702999.shtml
*Please rate if it helps.
-Kanishka