07-31-2007 11:42 AM
I probably have an easy question with an easy resolution, but I cannot see it. I have a PIX 515 running 6.3(3) and I have set it up for PPTP VPDN with local authentication. I have a local pool doling out the IP addresses for the VPN users. I authenticate fine and am given an IP address; however, I cannot communicate with anything on the Inside network. Am I missing something here? A second set of eyes would be helpful... Thanks.... Config below...
PIX Version 6.3(3)
name 192.168.0.4 isaserver
access-list 101 permit ip 10.10.0.0 255.255.0.0 10.10.255.0 255.255.255.0
access-list 101 permit ip 10.10.0.0 255.255.0.0 10.11.0.0 255.255.0.0
access-list 101 permit ip 10.10.0.0 255.255.0.0 10.12.0.0 255.255.0.0
access-list 101 permit ip 10.10.0.0 255.255.0.0 10.13.0.0 255.255.0.0
access-list 101 permit ip 10.10.0.0 255.255.0.0 10.15.0.0 255.255.0.0
access-list 101 permit ip 10.10.0.0 255.255.0.0 192.168.0.0 255.255.0.0
access-list 101 permit ip 10.10.0.0 255.255.0.0 10.1.0.0 255.255.0.0
access-list 101 permit ip 10.10.0.0 255.255.0.0 10.128.0.0 255.254.0.0
access-list NoNAT permit ip 10.10.0.0 255.255.0.0 10.10.255.0 255.255.255.0
access-list NoNAT permit ip 10.10.0.0 255.255.0.0 10.11.0.0 255.255.0.0
access-list NoNAT permit ip 10.10.0.0 255.255.0.0 10.12.0.0 255.255.0.0
access-list NoNAT permit ip 10.10.0.0 255.255.0.0 10.13.0.0 255.255.0.0
access-list NoNAT permit ip 10.10.0.0 255.255.0.0 10.15.0.0 255.255.0.0
access-list NoNAT permit ip 10.10.0.0 255.255.0.0 192.168.0.0 255.255.0.0
access-list NoNAT permit ip 10.10.0.0 255.255.0.0 10.1.0.0 255.255.0.0
access-list NoNAT permit ip 10.10.0.0 255.255.0.0 10.128.0.0 255.254.0.0
access-list 102 permit ip 10.10.255.0 255.255.255.0 10.10.0.0 255.255.0.0
access-list 102 permit ip 10.10.0.0 255.255.0.0 10.11.0.0 255.255.0.0
access-list 102 permit ip 10.10.0.0 255.255.0.0 10.12.0.0 255.255.0.0
access-list 102 permit ip 10.10.0.0 255.255.0.0 10.13.0.0 255.255.0.0
access-list 102 permit ip 10.10.0.0 255.255.0.0 10.15.0.0 255.255.0.0
access-list 102 permit ip 10.10.0.0 255.255.0.0 192.168.0.0 255.255.0.0
access-list 102 permit ip 10.10.0.0 255.255.0.0 10.1.0.0 255.255.0.0
access-list 102 permit ip 10.10.0.0 255.255.0.0 10.128.0.0 255.254.0.0
ip address outside xx.xx.40.2 255.255.255.240
ip address inside 10.10.1.254 255.255.255.0
ip local pool bigpool 10.10.255.1-10.10.255.10
global (outside) 1 interface
global (outside) 2 xx.xx.40.3
nat (inside) 0 access-list NoNAT
nat (inside) 1 10.10.0.0 255.255.252.0 0 0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group outside in interface outside
access-group 102 in interface inside
route outside 0.0.0.0 0.0.0.0 x.x.40.1 1
route inside 10.10.0.0 255.255.0.0 10.10.1.1 1
sysopt connection permit-ipsec
sysopt connection permit-pptp
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto ipsec transform-set toyota esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap client configuration address initiate
crypto map mymap client configuration address respond
crypto map bmw 1 ipsec-isakmp
crypto map bmw 1 match address 101
crypto map bmw 1 set peer xx.xx.132.82
crypto map bmw 1 set transform-set toyota
crypto map bmw interface outside
isakmp enable outside
isakmp key ******** address xx.xx.132.82 netmask 255.255.255.255
isakmp identity address
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash md5
isakmp policy 1 group 1
isakmp policy 1 lifetime 1000
management-access inside
vpdn group 1 accept dialin pptp
vpdn group 1 ppp authentication pap
vpdn group 1 ppp authentication chap
vpdn group 1 ppp authentication mschap
vpdn group 1 ppp encryption mppe 40
vpdn group 1 client configuration address local bigpool
vpdn group 1 pptp echo 60
vpdn group 1 client authentication local
vpdn username cisco password *********
vpdn enable outside
08-01-2007 05:23 AM
I am not an expert on reading configs, but one thing that comes to mind is your route:
route inside 10.10.0.0 255.255.0.0 10.10.1.1 1
I'd say that your pool BigPool is also included in this route:
ip local pool bigpool 10.10.255.1-10.10.255.10
In order to avoid this kind of routing issue, I tend to (mis)use 172.16.x.x addresses for our VPN clients and not a 192.168.x.x subnet (which we use on the LAN).
Regards.
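A quick way to spot the overlap the reply points at, as an added example that is not part of either post: a small Python check that parses the `ip local pool` and static `route` lines from a constructed excerpt of the thread's config and reports any pool whose addresses fall inside a routed prefix (return traffic for such a client would follow that route instead of the PPTP tunnel).

```python
import ipaddress
import re

# Constructed excerpt of the config posted in the thread (not the full config).
PIX_CONFIG = """\
ip address inside 10.10.1.254 255.255.255.0
ip local pool bigpool 10.10.255.1-10.10.255.10
route outside 0.0.0.0 0.0.0.0 x.x.40.1 1
route inside 10.10.0.0 255.255.0.0 10.10.1.1 1
"""


def parse_pools(config):
    """Return {pool_name: (first_ip, last_ip)} from 'ip local pool' lines."""
    pools = {}
    for m in re.finditer(r"^ip local pool (\S+) (\S+)-(\S+)", config, re.M):
        pools[m.group(1)] = (ipaddress.ip_address(m.group(2)),
                             ipaddress.ip_address(m.group(3)))
    return pools


def parse_routes(config):
    """Return [(interface, network)] from 'route' lines, skipping the default route."""
    routes = []
    for m in re.finditer(r"^route (\S+) (\S+) (\S+)", config, re.M):
        net = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}", strict=False)
        if net.prefixlen > 0:          # 0.0.0.0/0 covers everything; not useful here
            routes.append((m.group(1), net))
    return routes


def pool_route_overlaps(config):
    """List (pool, interface, route) for every pool that sits inside a static route.

    A client address inside a routed prefix means the PIX has a more specific
    path for its return traffic than the VPN tunnel, which is the symptom the
    thread describes (tunnel up, nothing reachable behind it).
    """
    hits = []
    for name, (first, last) in parse_pools(config).items():
        for iface, net in parse_routes(config):
            if first in net or last in net:
                hits.append((name, iface, str(net)))
    return hits


if __name__ == "__main__":
    for pool, iface, net in pool_route_overlaps(PIX_CONFIG):
        print(f"pool {pool} overlaps route {net} via interface {iface}")
```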