Re: Trouble Passing through to the Server - Page 2

wjacobs77 · ‎05-07-2010

Hi,

I just installed a VPN client version 5.0.07.0290 on my new Windows 7 Professional Laptop. Our server is a Windows Small Business Server 2003 with a PIx 501 firewall. I got a connection but could not get into the server. I set the VPN client the same way as I did with a previous version of the Cisco VPN client that was on a Windows XP Pro laptop.

Any suggestions??

Federico Coto Fajardo · ‎05-07-2010

Wes,

What do you mean with this:

I just pinged the IP address that is being used by the client and it worked.

Federico.

wjacobs77 · ‎05-07-2010

Ok. The vpn set-up requires a Host, right?? So I used this address using the ping command and it worked. Is that not right??

Federico Coto Fajardo · ‎05-08-2010

Ok Wes,

After all the troubleshooting could you please give me the status of where are we right now?

Still not communicating with the server?

Federico.

wjacobs77 · ‎05-10-2010

Federico,

After all of our discussions I could not get into the server. I am currently at the work location and can access any information

that I could not when I was offsite.

I had a Laptop with XP Pro and a Cisco VPN client. I got a new laptop running Windows 7 Pro. So I downloaded a 64-bit Cisco CLient for Windows 7. Set it up the same way and even showed that I got a connection. But on the server side there were just zeros. So evidently did not get through.

We have a Pix 501 unit. What information do I need and how can I configure from the work side so that I can properly test it offsite??

Thanks,

Wes

Federico Coto Fajardo · ‎05-10-2010

Wes,

Do the following:

Get a ''sh run'' from the PIX and we can configure it later to make it work.

We will need to know the network information of the PIX (IP address, mask, default gateway,etc)

Federico.

wjacobs77 · ‎05-12-2010

Federico,

I got the "sho run" information:

name 192.168.2.0 VPN Connections

permit ip any VPN Connections 255.255.255.0

access-list 101 permit icmp any any echo-reply

access-list permit tcp any host 96.11.167.10 eq smtp

access-list permit tcp any host 96.11.167.10 eq https

logging host inside 192.168.1.10

mtu outside 1500

mtu inside 1500

ip address outside 96.11.167.10 255.255.255.248

ip address inside 192.168.1.1 255.255.255.0

ip local pool vpn_pool 192.168.2.150

anything else we need?

Thanks,

Wes

Federico Coto Fajardo · ‎05-12-2010

Wes,

You just got a snipnet of the sh run.

Can you post the complete ''sh run''?

Federico.

wjacobs77 · ‎05-13-2010

I have attached it to the reply.

Thanks,

Wes

wjacobs77 · ‎05-13-2010

Federico,

Have you been able to review sh run? I have no idea as to why this is not working. I uninstalled the client, reinstalled it with the same results.

Let me know what you think.

Wes

Federico Coto Fajardo · ‎05-13-2010

Wes,

Add this command:
management-access inside

Also add this command:
sysopt connection permit-vpn
Then, check if you can PING 192.168.1.1 from the VPN client.

What is the IP of the server? 192.168.1.x?
Check that the default gateway of the server is 192.168.1.1

Federico.

wjacobs77 · ‎05-13-2010

Federico,

Do I make the entry at the Pix unit or from the client? If from the client do I do this from a DOS prompt?

Thanks so much for your help. The server IP Address is 192.168.1.10

Wes

wjacobs77 · ‎05-14-2010

Federico,

I opened the Pix Manager and entered the first command and it seemed to accept this. I attempted the second command and it failed. So what is next??

Wes

Federico Coto Fajardo · ‎05-14-2010

Wes,

If it took the command: management-access inside

Make sure that you can PING 192.168.1.1 from the VPN client when connected.

Federico.

5220 · ‎05-14-2010

Hi Jacobs,

sometime the problem is related to the MTU. There is a "SetMTU" utility in the same folder with the vpn client exec file (i think it is also in the VPN client start menu). Setup the valut 1300 for all connections, reboot and then try the access again.

Regards,
Daniel