Client connected to remote access VPN but got wrong default gateway

robert.huang
Level 1

Hi All,

I have been struggling for some days and really need some help here. My PC (192.168.254.x) is on the same VLAN as the outside interface (192.168.254.171) of my PIX506E. When I launch the Cisco VPN client, my PC shows connected and gets the IP of 10.9.0.150, which is expected. However, it also gets the gateway of 10.9.0.1, and I have no idea where that comes from. Thus my PC can't access any internal network or external network.

I've listed my configuration below and highlighted the part that I typed in. PIX version 7.1(2) is the highest version I can install on PIX506E. Please help. Thanks a lot.

pixfirewall# sh run
: Saved
:
PIX Version 7.1(2)
!
hostname pixfirewall
enable password 2KFQnbNIdI.2KYOU encrypted

names
!
interface Ethernet0
 nameif outside
 security-level 0
 ip address 192.168.254.171 255.255.255.0
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 10.10.10.1 255.255.255.0
!
passwd 2KFQnbNIdI.2KYOU encrypted

boot system flash:/pix712.bin
ftp mode passive
pager lines 24
logging enable
logging timestamp
logging buffered informational
mtu outside 1500
mtu inside 1500
ip local pool ROBERT-POOL 10.9.0.150-10.9.0.160 mask 255.255.255.0
no asdm history enable
arp timeout 14400
route outside 0.0.0.0 0.0.0.0 192.168.254.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy Robert-GP internal
group-policy Robert-GP attributes
 dns-server value 8.8.8.8
username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15
username robert password yXUoa8oHzS0Ncp2O encrypted
username robert attributes
 vpn-group-policy Robert-GP

aaa authentication ssh console LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set MYSET esp-3des esp-md5-hmac
crypto dynamic-map DYN1 1 set transform-set MYSET
crypto dynamic-map DYN1 1 set reverse-route
crypto map MYMAP 1 ipsec-isakmp dynamic DYN1
crypto map MYMAP interface outside
isakmp enable outside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash sha
isakmp policy 1 group 2
isakmp policy 1 lifetime 43200
isakmp nat-traversal  30
tunnel-group ROBERT-GROUP type ipsec-ra
tunnel-group ROBERT-GROUP general-attributes
 address-pool ROBERT-POOL
 default-group-policy Robert-GP
tunnel-group ROBERT-GROUP ipsec-attributes
 pre-shared-key *

telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 60
ssh version 2
console timeout 0
ssl encryption rc4-md5
Cryptochecksum:7157c6095f2abae2aae9e15c1caa81aa
: end
pixfirewall#

45 Replies

I might test this out on my PIX firewall and give you access to it via remote access, hopefully this weekend.

Thanks