
Unable to reach sublocation with VPN tunnel

egerritsen
Level 1

Hi,

I have configured a Cisco PIX Firewall for my VPN tunnels and that is working fine when I connect to the LAN where the PIX is connected.

When I want to contact a server on a sublocation over the VPN tunnel I get no response.

The PIX can ping the server, but I can't ping the server through the VPN tunnel.

IP address PIX 10.1.0.254

IP address router 10.1.10.254

IP address router sublocation 10.2.10.254

IP address server sublocation 10.2.0.1

The default gateway on the LAN is 10.1.10.254

This router makes a 3DES GRE tunnel to 10.2.10.254

On this router there is a default route to the pix (for internet).


Accepted Solutions

sachinraja
Level 9

Hello...

Make sure you route the IP pool configured on the PIX from the sublocation server/router. Just try to ping the IP address that the VPN client has got from the server.

You also need to make sure you add this sublocation subnet on the nonat access-list. Otherwise your IP pool will see the server as a NATed IP.

On the nonat access-list, permit any traffic from the sublocation pool to the IP pool.

Hope this helps. All the best.


2 Replies

Hi,

Thanks for helping me out.

You are right about the no-NAT statement for the sublocations.

I added NAT exemption rules for the sublocations and everything works fine.
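
The fix confirmed in this thread, sketched as an added configuration example that neither participant posted. It assumes PIX 6.x-style syntax, /16 masks on the 10.1.x.x and 10.2.x.x networks, a VPN client pool of 192.168.100.0/24 named `vpnpool`, and a GRE interface named `Tunnel0`; none of these values appear in the thread. Lines starting with `!` are annotations.

```cisco
! --- PIX (10.1.0.254) ---
! Assumed VPN client pool; substitute the pool actually configured on the PIX.
ip local pool vpnpool 192.168.100.1-192.168.100.50

! Before: only the local LAN is exempt from NAT toward the pool, so traffic
! between the sublocation and the VPN clients is still translated.
access-list nonat permit ip 10.1.0.0 255.255.0.0 192.168.100.0 255.255.255.0

! After: the sublocation subnet is exempt toward the pool as well.
access-list nonat permit ip 10.2.0.0 255.255.0.0 192.168.100.0 255.255.255.0
nat (inside) 0 access-list nonat

! --- Sublocation router (10.2.10.254), IOS ---
! Return route for the client pool over the GRE tunnel
! (Tunnel0 is an assumed interface name).
ip route 192.168.100.0 255.255.255.0 Tunnel0
```

With a client connected, `show access-list nonat` on the PIX shows a hit counter per entry, which confirms whether the new sublocation line is being matched.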