PPTP VPN & Network Issue

mcsfirewall
Level 1

Hey everyone,

I have set up a VPN using PPTP on a Cisco PIX 515e. We have two internal networks, 192.168.1.0 and 192.168.2.0.

VPN clients connect to the 192.168.1.0 network and are assigned an IP address. When they connect, they can ping any address in the 192.168.1.0 network without difficulty. Mapping to servers is no problem, either. However, I can't reach any address in the 192.168.2.0 network. No ping, no mapping.

The 192.168.2.0 network is connected via a direct T1 line to our office. They have internet, email, and can see the network down here without difficulty, and they go through the firewall to get here. It's just that VPN clients can't get to them.

I am thinking I need to add the following line to point them up there:

route inside 192.168.1.0 255.255.255.0 192.168.2.0 1

I have added this line as well:

access-list Access permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0

Access is the list of IPs the VPN clients are given.

My question is, will that first line allow the VPN clients to find the 192.168.2.0 network? If anyone needs me to post more information please let me know.

Thanks in advance

20 Replies

I entered the new configuration and it will not work . . . still timing out and can't find the 192.168.2.0 network.

If I check the USE DEFAULT GATEWAY OF LOCAL NETWORK on the client-side configuration, it works, but then the user can't get to the internet.

Any ideas? Anyone?

Leave the "USE DEFAULT GATEWAY OF LOCAL NETWORK" unchecked. This should give you Internet access. Then add a static route on the Windows PC that routes traffic destined for 192.168.2.0 to the IP address assigned to the PPTP client.

That did it!

Thanks so much for all your help and patience in putting up with me! :)

Thanks again!

Good.

Quick note here. If the IP assigned to the client changes, you will have to modify the route on the Windows client accordingly.

To keep the route permanent (so that it does not get deleted from the Windows OS if the machine is rebooted) use persistent routes. The command is the same for adding a route in Windows. You just need a "-p" switch at the end.

Is there a way to have the PIX dynamically assign networks that are reachable via tunnel without having to manually enter them on the client?

No, the PIX cannot do that because PPTP does not have "config mode" like IPSec.

Alternatives include a startup script that injects the routes into the Windows client.
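
The startup-script alternative mentioned in the last reply, sketched as an added example that is not part of the original thread: it looks up whatever address the PPTP adapter currently holds, so the route follows the client IP when it changes. The connection name `Office PPTP` is a hypothetical placeholder, and the script assumes Windows 8 / Server 2012 or later (for the NetTCPIP cmdlets) and an elevated prompt.

```powershell
# Added example: re-create the route to 192.168.2.0/24 after the PPTP tunnel
# comes up. Run elevated, after the VPN connects.
$VpnName = 'Office PPTP'        # hypothetical connection name, change to yours
$Network = '192.168.2.0'        # remote network from the thread
$Mask    = '255.255.255.0'
$Prefix  = '192.168.2.0/24'

# Address the PIX assigned to this client. The PPP adapter only exists while
# the tunnel is connected, so an empty result means "not connected".
$addr = Get-NetIPAddress -InterfaceAlias $VpnName -AddressFamily IPv4 `
            -ErrorAction SilentlyContinue |
        Select-Object -First 1 -ExpandProperty IPAddress

if (-not $addr) {
    Write-Warning "VPN '$VpnName' is not connected; no route added."
    exit 1
}

# Drop any route left over from an earlier session. It may point at an
# address the client no longer holds. Errors are ignored if none exists.
route.exe delete $Network mask $Mask 2>&1 | Out-Null

# Same command the thread describes: send 192.168.2.0/24 to the address
# assigned to the PPTP client. No -p here, because a persistent route would
# pin a gateway that is wrong as soon as the assigned address changes.
route.exe add $Network mask $Mask $addr | Out-Null

# route.exe does not reliably signal failure through its exit code, so
# confirm by reading the routing table back.
$route = Get-NetRoute -DestinationPrefix $Prefix -ErrorAction SilentlyContinue |
         Where-Object { $_.InterfaceAlias -eq $VpnName }

if ($route) {
    Write-Output "Route to $Prefix installed via $VpnName ($addr)."
} else {
    Write-Warning "Route to $Prefix is not bound to '$VpnName'; check elevation."
    exit 1
}
```

Leaving the default-gateway box unchecked, as advised above, keeps only the listed network on the tunnel; every prefix added this way widens what the remote client can reach, so list only the networks the VPN users actually need.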