Re: PIX site to site and remote access PPTP VPN issue

snahosany · ‎07-26-2008

I have a little problem with remote access vpn using PPTP on a PIX 506E firewall. Actually i have a site-to-site vpn setup on the pix that connects to an ASA on the other side. When i tried to configure remote access PPTP vpn on the PIX, the clients can actually connect but cannot access the internal network behind the PIX. Cannot ping any machines inside, cannot access any server inside. I am attaching the PIX config, please help me out.

Regards,

Nawaz

a.alekseev · ‎07-26-2008

use another ip addresses for the pool.

no ip local pool pptp-pool 192.168.10.1-192.168.10.25

ip local pool pptp-pool 192.168.11.1-192.168.11.25

snahosany · ‎07-27-2008

Thanks for your prompt message alekseev. I want to ask however why should i change the address pool. Since i have used this one and have included the range in nonat. Could you please explain why i need to change these so that in the future i dont make the same mistake.

Thanks in advance.

a.alekseev · ‎07-26-2008

access-list NO-NAT permit ip 128.1.176.0 255.255.240.0 192.168.1.0 255.255.255.0

access-list NO-NAT permit ip 128.1.176.0 255.255.240.0 192.168.10.0 255.255.255.0

access-list NO-NAT permit ip 128.1.176.0 255.255.240.0 192.168.11.0 255.255.255.0

nat (inside) 0 access-list NO-NAT

snahosany · ‎07-27-2008

Alekseev:

this is the configuration on the PIX, the previous file was not the one running on the pix (Sorry about that). Could you please consider this one in your response.

Thanks.

Nawaz