trouble with VPN

apolkovnikov · ‎04-15-2005

Hello,

I have some trouble with VPN. I have PIX 515 with 6.3.4. I use Cisco VPN client to connect to PIX.

After PIX I have 6509 with vlan's. PIX inside in native vlan.

The problem is that I can't access any host's except native vlan on 6509.

How I can resolv this issue ? Please help.

Thanks in advice.

mostiguy · ‎04-15-2005

You probably need to include more statements for those subnets in your nat 0 configuration.

lgijssel · ‎04-15-2005

In addition to that, you also need to add static routes to the inside networks. You may use rip as an alternative.

Regards,

Leo

apolkovnikov · ‎04-17-2005

What route I must use ?

Summary like 10.201.0.0/16 or for each network like 10.201.3.0/24 ?

Pix inside is 10.201.1.30/24

At 6506 I have EIGRP.

Maybe I can use OSPF between 6506 and PIX ?

I don't want use rip because of excessive traffic.

apolkovnikov · ‎04-17-2005

Here configuration:

access-list 102 permit ip 10.201.0.0 255.255.0.0 10.201.8.0 255.255.255.0

access-list 102 permit ip 172.16.0.0 255.255.0.0 10.201.8.0 255.255.255.0

access-list 102 permit ip 10.201.8.0 255.255.255.0 10.201.0.0 255.255.0.0

nat (inside) 0 access-list 102

I can access only to net 10.201.1.0/24

Pix inside is 10.201.1.30.

Each /24 subnet has vlan i.e. 10.201.1.0/24 - vlan 1(native),

10.201.3.0/24 - vlan 3 and etc.

VPN pool - 10.201.8.0/24 not at vlan.