08-30-2006 11:18 AM - edited 02-21-2020 02:36 PM
Here is the PIX setup with internal addresses:
(MAIN PIX 501) <--vpn--> (REMOTE PIX 501)
192.168.0.254/24 192.168.2.254/24
Using Windows VPN Client, connect to MAIN PIX via PPTP. Need to have access to web services on REMOTE PIX network, but connectivity fails. Connectivity to MAIN PIX network is OK.
I believe it is a routing issue, but the solution escapes me. What is required to accomplish this? Ideas? Relevant config sections are attached.
09-05-2006 12:02 PM
What version of the OS are you using on the PIX firewall?
09-05-2006 12:40 PM
Are you trying to get to the remote site PIX after establishing your PPTP connection to the main site PIX? If so, then I do not see an access list that allows the network 10.77.1.x to the remote site. I believe you will need to add that to the other PIX firewall as well.
09-07-2006 12:01 PM
Using PIX 6.3(1).
Do you mean something like:
MAIN-PIX:
access-list outside-in permit ip PPTP_LAN 255.255.255.0 REMOTE_LAN 255.255.255.0
REMOTE-PIX:
access-list outside-in permit ip PPTP_LAN 255.255.255.0 INSIDE_LAN 255.255.255.0
Should I also add an access-list entry in crypto_MAIN for PPTP_LAN/24 to REMOTE_LAN/24?
Any other considerations I have missed? I do not currently have remote access to try this solution, but will make an attempt soon.
Thanks for the help.
09-13-2006 11:16 AM
Testing resulted with no luck. I am not seeing any hits on the access-list entries on the MAIN PIX. Not even with a blanket deny entry as a last filter to see if the packets "fall-through" the access-list.
I thought it may be a routing issue in my client PC, so I locally added a route in Windows XP to forward the destination PPTP_LAN/24 network to the PPTP gateway found in the route table, but again to no avail. Still no hits on the access-list entries.
Can anyone else provide me some advice? Thanks.