05-02-2011 01:00 PM
When I VPN into our network, it gives me an IP address within the range 192.168.200.1 - 192.168.200.50.
The following access works when VPN'd in: 192.168.200.x -> 10.2.28.x
The following access does not work when VPN'd in: 192.168.200.x -> 192.168.50.x
Can someone please let me know what I need to have in the PIX config to make this work?
Thank you,
Thomas
05-02-2011 02:24 PM
In general:
1) NAT bypass for traffic 192.168.200.x -> 192.168.50.x: make sure this traffic is included in the ACL which is used by the nat 0 command.
2) Check routing.
3) If using split tunnel, make sure 192.168.50.x is included in the split tunnel ACL.
05-03-2011 07:32 AM
05-03-2011 09:10 AM
1. Add 192.168.50.0 to your split tunnel ACL
access-list remotevpnbhc_splitTunnelAcl permit ip 192.168.50.0 255.255.252.0 any
2. Add the traffic between 192.168.50.0 and the VPN client to the ACL which is used by NAT 0
access-list vpn_insideacl permit ip 192.168.50.0 255.255.252.0 192.168.200.0 255.255.255.0
05-03-2011 12:12 PM
Yudong,
Thank you very much. Your suggestion worked! All I had to do after adding your lines was to add the route.
Also, for the 192.168.50.0 network I had to use a subnet mask of 255.255.255.0 instead of 255.255.252.0.
Thanks again!
Thomas
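An added example, not part of the thread and not any poster's code: a small Python check for PIX-style `access-list ... permit ip` lines of the form used above. It reports whether each address sits on its mask's network boundary and whether the entry covers a given inside network and VPN pool. The function names and sample lines are constructed for illustration; the third sample line carries a deliberately mistyped address.

```python
import ipaddress

# Constructed sample lines, modelled on the commands in this thread.
SAMPLE = [
    "access-list remotevpnbhc_splitTunnelAcl permit ip 192.168.50.0 255.255.252.0 any",
    "access-list vpn_insideacl permit ip 192.168.50.0 255.255.255.0 192.168.200.0 255.255.255.0",
    "access-list vpn_insideacl permit ip 192.16.50.0 255.255.255.0 192.168.200.0 255.255.255.0",
]

def _take(tok):
    """Consume 'any' or 'ADDR MASK'; return (operand or None, remaining tokens)."""
    if tok[0] == "any":
        return None, tok[1:]
    return (tok[0], tok[1]), tok[2:]

def parse_acl(line):
    """Parse 'access-list NAME permit ip SRC SMASK (DST DMASK | any)'."""
    tok = line.split()
    if tok[:1] != ["access-list"] or tok[2:4] != ["permit", "ip"]:
        raise ValueError(f"unsupported ACL line: {line!r}")
    src, rest = _take(tok[4:])
    dst, _ = _take(rest)
    return tok[1], src, dst

def aligned(pair):
    """True if ADDR has no bits set outside MASK ('any' counts as aligned)."""
    if pair is None:
        return True
    try:
        ipaddress.ip_network("/".join(pair), strict=True)
        return True
    except ValueError:
        return False

def covers(pair, net):
    """True if the ACL operand matches every address in net."""
    if pair is None:
        return True
    acl_net = ipaddress.ip_network("/".join(pair), strict=False)
    return ipaddress.ip_network(net).subnet_of(acl_net)

def audit(lines, inside, pool):
    """Return (acl_name, addresses_aligned, covers_inside_to_pool) per line."""
    out = []
    for line in lines:
        name, src, dst = parse_acl(line)
        out.append((name, aligned(src) and aligned(dst),
                    covers(src, inside) and covers(dst, pool)))
    return out

if __name__ == "__main__":
    for row in audit(SAMPLE, "192.168.50.0/24", "192.168.200.0/24"):
        print(row)
```
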