VPN IP Pool

arifwa2009
Level 1

[VPN-CLIENT]----[INTERNET]---[2.2.2.2-PIX-10.10.10.20]-----[10.10.10.1-ROUTER]---[WAN CLOUD 10.10.0.0/16]

....

access-list nonat permit ip any 10.10.10.0 255.255.255.0
ip address inside 10.10.10.20 255.255.255.0
ip local pool ClientVPN 10.10.10.40-10.10.10.45
nat (inside) 0 access-list nonat
nat (inside) 1 172.27.0.0 255.255.0.0 0 0
route inside 10.10.0 255.255.255.0 10.10.10.1 1
route inside 10.10.20.0 255.255.255.0 10.10.10.1 1
route inside 10.10.21.0 255.255.255.0 10.10.10.1 1

.....

My VPN client can connect successfully to the PIX and got IP 10.10.10.40, but I cannot ping the network behind the PIX. I tried to trace with Wireshark and the ping packet reached the PC client inside the WAN, but I got "request timed out" on the VPN client:

1206: ICMP echo-request from outside:10.10.10.40 to 10.10.20.5 ID=1 seq=13310 length=40

1207: ICMP echo-reply from inside: 10.10.20.5 to 10.10.10.40 ID=1 seq=13310 length=40

Another question: is it possible to use a private subnet for the VPN client pool without touching any router configuration? If I use 192.168.1.0/24 as the pool, how can the PC on the WAN cloud with IP 10.10.20.30 reply back, so that the packet goes to the PIX and is sent to the VPN client?

2 Replies

andrew.prince
Level 10

You need to use another IP subnet for the VPN pool - using a subset of the inside subnet will not work.

HTH
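As an added illustration (not code from the thread, from Cisco, or from either poster), the following Python check reads the PIX lines quoted in the original post and flags the two things a reviewer would look for when a remote-access pool is changed: a pool carved out of the inside interface subnet (the problem the reply above points at), and a nonat ACL that no longer exempts inside-to-pool traffic once the pool has been moved. The 192.168.1.0/24 pool and the 10.10.0.0/16 source in the two variant configurations are assumed values chosen for the example, not taken from the thread.

```python
import ipaddress
import re

# Constructed sample: the PIX lines quoted in the original post.
ORIGINAL_CONFIG = """\
access-list nonat permit ip any 10.10.10.0 255.255.255.0
ip address inside 10.10.10.20 255.255.255.0
ip local pool ClientVPN 10.10.10.40-10.10.10.45
nat (inside) 0 access-list nonat
"""

# Constructed variant: pool moved to an assumed 192.168.1.0/24, but the
# nonat ACL left untouched, so it no longer exempts traffic to the pool.
POOL_MOVED_ACL_STALE = """\
access-list nonat permit ip any 10.10.10.0 255.255.255.0
ip address inside 10.10.10.20 255.255.255.0
ip local pool ClientVPN 192.168.1.10-192.168.1.50
nat (inside) 0 access-list nonat
"""

# Constructed variant: pool moved and the nonat ACL updated (assumed values).
CORRECTED_CONFIG = """\
access-list nonat permit ip 10.10.0.0 255.255.0.0 192.168.1.0 255.255.255.0
ip address inside 10.10.10.20 255.255.255.0
ip local pool ClientVPN 192.168.1.10-192.168.1.50
nat (inside) 0 access-list nonat
"""

POOL_OVERLAPS_INSIDE = "VPN pool overlaps the inside interface subnet"
NONAT_MISSES_POOL = "nonat ACL does not exempt inside-to-pool traffic"


def inside_network(config):
    """Subnet of the inside interface, from 'ip address inside A M'."""
    m = re.search(r"^ip address inside (\S+) (\S+)", config, re.M)
    return ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network


def vpn_pool(config):
    """(first, last) address of the 'ip local pool' range."""
    m = re.search(r"^ip local pool \S+ (\S+)-(\S+)", config, re.M)
    return ipaddress.ip_address(m.group(1)), ipaddress.ip_address(m.group(2))


def _take_addr(tokens):
    """Consume one ACL address spec ('any' or 'addr mask'); return (net, rest)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False), tokens[2:]


def nonat_destinations(config):
    """Destination networks of the ACL bound by 'nat (inside) 0 access-list'."""
    m = re.search(r"^nat \(inside\) 0 access-list (\S+)", config, re.M)
    acl = m.group(1)
    dests = []
    for line in config.splitlines():
        parts = line.split()
        if parts[:4] == ["access-list", acl, "permit", "ip"]:
            _src, rest = _take_addr(parts[4:])
            dst, _ = _take_addr(rest)
            dests.append(dst)
    return dests


def audit(config):
    """Return the list of findings for one configuration (empty list = clean)."""
    findings = []
    inside = inside_network(config)
    first, last = vpn_pool(config)
    # The reply above: a pool that is a subset of the inside subnet will not work.
    if first in inside or last in inside:
        findings.append(POOL_OVERLAPS_INSIDE)
    # Traffic from inside hosts to the pool must be exempted from NAT, so the
    # nonat ACL must still name the (possibly moved) pool as a destination.
    if not any(first in d and last in d for d in nonat_destinations(config)):
        findings.append(NONAT_MISSES_POOL)
    return findings


if __name__ == "__main__":
    for name, cfg in [("original", ORIGINAL_CONFIG),
                      ("pool moved, ACL stale", POOL_MOVED_ACL_STALE),
                      ("corrected", CORRECTED_CONFIG)]:
        print(f"{name}: {audit(cfg) or 'no findings'}")
```

Run as-is, it reports the overlap for the quoted configuration, the stale ACL for the half-fixed variant, and nothing for the corrected one. The parser only understands the `permit ip` form used in the thread; extended ACL entries with ports or object groups would need more tokens consumed.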

OK, thanks. I can reach the network that is the same as the PIX's, but I cannot reach the other networks inside. Is it possible to do NAT so the user on the VPN client can reach the other networks that I can ping from the PIX?

[VPN CLIENT] --->[2.2.2.2-PIX-10.10.10.20]-->[NET. 10.10.10.0/24]--[CLOUD]--[OTHER NETWORK ie. 10.10.20.0/24]