12-01-2004 01:28 AM - edited 02-21-2020 01:28 PM
Hi,
I have configured a Cisco PIX Firewall for my VPN tunnels, and that is working fine when I connect to the LAN where the PIX is connected.
When I want to contact a server on a sublocation over the VPN tunnel, I get no response.
The PIX can ping the server, but I can't ping the server through the VPN tunnel.
IP address PIX 10.1.0.254
IP address router 10.1.10.254
IP address router sublocation 10.2.10.254
IP address server sublocation 10.2.0.1
The default gateway on the LAN is 10.1.10.254.
This router makes a 3DES GRE tunnel to 10.2.10.254.
On this router there is a default route to the pix (for internet).
12-01-2004 05:57 AM
Hello...
Make sure you route the IP pool configured on the PIX from the sublocation server/router. Just try to ping the IP address that the VPN client has got from the server.
You also need to make sure you add this sublocation subnet to the nonat access-list. Otherwise your IP pool will see the server as a NATted IP.
On the nonat access-list, permit any traffic from the sublocation pool to the IP pool.
Hope this helps. All the best.
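The two changes suggested in the reply above, sketched as a PIX 6.x / IOS configuration fragment. This is an added example, not configuration posted by either participant. The pool name and range (`vpnpool`, 10.99.0.0/24), the sublocation mask (255.255.0.0), the ACL name `nonat`, the interface name `inside` and the tunnel interface `Tunnel0` are assumptions, since the thread does not give them.

```cisco
! Annotation lines start with "!" and are not meant to be pasted.
! Assumed values (not in the thread): pool vpnpool 10.99.0.1-10.99.0.254,
! sublocation mask 255.255.0.0, ACL name nonat, interface inside, Tunnel0.

! --- PIX (10.1.0.254) ---
! VPN client address pool (shown only so the ACL below has something to match)
ip local pool vpnpool 10.99.0.1-10.99.0.254

! Exempt traffic between the sublocation subnet and the VPN pool from NAT.
! Source = inside/sublocation side, destination = VPN pool.
! Keep the entry scoped to these two subnets rather than "any".
access-list nonat permit ip 10.2.0.0 255.255.0.0 10.99.0.0 255.255.255.0
nat (inside) 0 access-list nonat

! --- Sublocation router (10.2.10.254) ---
! Return route: send replies for the VPN pool back through the GRE tunnel,
! so they reach 10.1.10.254 and follow its default route to the PIX.
ip route 10.99.0.0 255.255.255.0 Tunnel0

! --- Checks on the PIX ---
! The hit count on the new nonat entry should rise while a VPN client
! pings 10.2.0.1.
show access-list nonat
! Confirm the PIX has a route to the sublocation subnet via the inside router.
show route
```

If the hit count on the `nonat` entry stays at zero while the client pings, the traffic is not matching the exemption; if it rises but no reply arrives, check the return route on the sublocation router.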
12-01-2004 12:04 PM
Hi,
Thanks for helping me out.
You are right about the no-NAT statement for the sublocations.
I added NAT exemption rules for the sublocations and everything works fine.