Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
489
Views
0
Helpful
4
Replies

PIX VPN question...

befwguy80
Level 1
Level 1

‎09-07-2004 12:00 PM - edited ‎02-21-2020 01:19 PM

I was setting up my PIX to accept RAS VPN (PPTP) connections using the PDM VPN Wizard. I can get connected to it fine, however I cannot access anything on the inside of my firewall, which is the

whole point.

Any thoughts? Below is my appropriate configuration.

access-list inside_outbound_nat0_acl permit ip any 192.168.1.0 255.255.255.224

ip local pool VPNPOOL 192.168.1.1-192.168.1.20

nat (inside) 0 access-list inside_outbound_nat0_acl

vpdn group PPTP-VPDN-GROUP accept dialin pptp

vpdn group PPTP-VPDN-GROUP ppp authentication mschap

vpdn group PPTP-VPDN-GROUP ppp encryption mppe auto required

vpdn group PPTP-VPDN-GROUP client configuration address local VPNPOOL

vpdn group PPTP-VPDN-GROUP client configuration dns 192.xxx.xxx.101

vpdn group PPTP-VPDN-GROUP pptp echo 60

vpdn group PPTP-VPDN-GROUP client authentication local

sysopt connection permit-pptp

Labels:
0 Helpful
4 Replies 4

evdvelde
Level 1
Level 1

‎09-07-2004 10:46 PM

Enter these commands to your configuration:

vpdn enable outside

vpdn username <> password <>

0 Helpful

befwguy80
Level 1
Level 1
In response to evdvelde

‎09-08-2004 04:36 AM

I missed those when I posted the config. Those commands are there. Again, I can connect to the VPN but cannot "see" anything on the inside of the firewall. I can't PING any of the internal addresses and tracing fails.

When the client connects and gets an IP Address the default gateway is the IP address assigned it. It is a different subnet than the subnet inside the firewall, so how does it know to route to those addresses? I did connect and added a route to the internal addresses through the IP address I was assigned, but even then it failed to contact the internal addresses.

This should be simple, especially using the wizard.

Any thoughts or comments?

0 Helpful

stevensavage
Level 1
Level 1
In response to befwguy80

‎09-29-2004 01:07 AM

Why the 224 subnet mask? Try a 24bit subnet - 255.255.255.0 and see if you still have the same issue.

0 Helpful

ehirsel
Level 6
Level 6
In response to befwguy80

‎09-29-2004 05:46 AM

Are there any routers between your firewall and the inside hosts?

Does the PIX log contain any interesting messages with regards to vpdn connections? If not, insure that you are logging to the buffer at the error level as a minumum, clear/archive the buffer log, and retry the vpdn connection, and then examine the log.

0 Helpful
Customers Also Viewed These Support Documents