
RAVPN connected to pix but no access to remote lan

Dear all,

I am having a PIX 515E ver 7.0.1 and VPN client version 5.x. Connection is done only via TCP port 10000, but I can't access the remote LAN.

In the statistics it shows the secure route, but when I ping the remote LAN it replies with request timed out.

Below is the config. Please advise how to reach the remote LAN.

PIXvpn(config)# sh run
: Saved
PIX Version 7.0(2)
interface Ethernet0
 nameif outside
 security-level 0
 ip address
interface Ethernet1
 nameif inside
 security-level 100
 ip address
enable password hwyWti9GugRE.X1u encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname PIXvpn
domain-name default.domain.invalid
ftp mode passive
dns retries 2
dns timeout 2
dns domain-lookup outside
dns name-server
access-list 120 extended permit ip any any
access-list 102 extended permit ip
access-list 102 extended permit ip
access-list split1 extended permit ip
access-list split1 extended permit ip
pager lines 24
mtu outside 1500
mtu inside 1500
ip local pool mypool
no failover
monitor-interface outside
monitor-interface inside
asdm image flash:/asdm-506.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list 102
nat (inside) 1
access-group 120 in interface outside
route outside 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy alkaboosexch internal
group-policy alkaboosexch attributes
 vpn-idle-timeout 1440
 vpn-tunnel-protocol IPSec
 re-xauth enable
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split1

 default-domain value
username admin password tJ3BtwCuHwc3INRG encrypted privilege 15
username cisco password ffIRPGpDSOJh9YLq encrypted privilege 15
username alkaboosexch password yB.oXvNi88YcqEBP encrypted
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
http server enable
http outside
http inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp
crypto ipsec transform-set test esp-3des esp-md5-hmac
crypto dynamic-map map2 10 set transform-set test
crypto dynamic-map map2 10 set reverse-route
crypto map map1 10 ipsec-isakmp dynamic map2
crypto map map1 interface outside
isakmp identity address
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 2147483647
isakmp policy 65535 authentication pre-share
isakmp policy 65535 encryption 3des
isakmp policy 65535 hash sha
isakmp policy 65535 group 2
isakmp policy 65535 lifetime 86400
isakmp nat-traversal  30
isakmp ipsec-over-tcp port 10000
telnet outside
telnet inside
telnet timeout 15
ssh outside
ssh timeout 30
console timeout 0
tunnel-group alkaboosexch type ipsec-ra
tunnel-group alkaboosexch general-attributes
 address-pool mypool
 default-group-policy alkaboosexch
tunnel-group alkaboosexch ipsec-attributes
 pre-shared-key *

class-map inspection_default
 match default-inspection-traffic
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect icmp
service-policy global_policy global

Cisco Employee

In the internal LAN, do you have a return route for network pointing back to the ASA?

Note: the PIX and the VPN client are EOS and EOL.
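
The return-route question in the reply can be checked mechanically. The following is an added example, not code from the thread or from Cisco: it verifies that the `nat (inside) 0` ACL covers the VPN pool and that the LAN gateway forwards replies for pool addresses to the PIX inside interface. All addresses and both route tables are constructed, because the posted config has its addresses elided.

```python
import ipaddress
import re

# Constructed sample: the addresses are elided in the posted config.
PIX_CONFIG = """\
ip local pool mypool 10.10.10.1-10.10.10.50
access-list 102 extended permit ip 192.168.1.0 255.255.255.0 10.10.10.0 255.255.255.0
nat (inside) 0 access-list 102
"""
PIX_INSIDE = ipaddress.ip_address("192.168.1.1")      # assumed inside interface
INSIDE_NET = ipaddress.ip_network("192.168.1.0/24")   # assumed inside LAN

def vpn_pool(config, name):
    """Return (first, last) address of 'ip local pool <name> a-b'."""
    m = re.search(rf"^ip local pool {re.escape(name)} (\S+)-(\S+)", config, re.M)
    return tuple(ipaddress.ip_address(a) for a in m.groups())

def nat_exempt_covers(config, inside_net, pool):
    """True if the ACL bound to 'nat (inside) 0' permits inside_net -> whole pool."""
    acl = re.search(r"^nat \(inside\) 0 access-list (\S+)", config, re.M).group(1)
    ace = rf"^access-list {re.escape(acl)} extended permit ip (\S+) (\S+) (\S+) (\S+)"
    for s, sm, d, dm in re.findall(ace, config, re.M):
        src = ipaddress.ip_network(f"{s}/{sm}")
        dst = ipaddress.ip_network(f"{d}/{dm}")
        if inside_net.subnet_of(src) and all(a in dst for a in pool):
            return True
    return False

def next_hop(routes, addr):
    """Longest-prefix match over [(prefix, next_hop)], as the LAN gateway does."""
    hits = [(ipaddress.ip_network(p), h) for p, h in routes
            if addr in ipaddress.ip_network(p)]
    if not hits:
        return None
    return ipaddress.ip_address(max(hits, key=lambda x: x[0].prefixlen)[1])

def return_path_ok(routes, pool, pix_inside):
    """Replies to both ends of the pool must be forwarded to the PIX inside address."""
    return all(next_hop(routes, a) == pix_inside for a in pool)

# Constructed route tables for the LAN hosts' default gateway (a device other than the PIX).
BROKEN = [("0.0.0.0/0", "192.168.1.254")]
FIXED = BROKEN + [("10.10.10.0/24", "192.168.1.1")]

if __name__ == "__main__":
    pool = vpn_pool(PIX_CONFIG, "mypool")
    print("nat 0 covers pool:", nat_exempt_covers(PIX_CONFIG, INSIDE_NET, pool))
    print("return path, default route only:", return_path_ok(BROKEN, pool, PIX_INSIDE))
    print("return path, pool route added:", return_path_ok(FIXED, pool, PIX_INSIDE))
```

With only a default route on the LAN gateway, replies to pool addresses leave toward the Internet router instead of the PIX, which matches the symptom of an established tunnel with pings timing out.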