
VPN access beyond PIX515e 6.3 nas...

joe_wilkins2001
Level 1

Hello,

I am trying to get a remote access PPTP VPN set up from remote Windows clients through a PIX 515E, using RADIUS to authenticate to a Windows 2000 domain. I am able to establish the VPN connection OK and RADIUS is authenticating the right domain users to allow the VPN, but I am then unable to access any domain resources beyond the outside interface of the PIX.

Any ideas?!?!??!

Thanks!

3 Replies

gfullage
Cisco Employee

Difficult to say without seeing your config, but make sure you have it configured like this:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080143a5d.shtml

Specifically, if you're getting connected OK then your vpdn config is probably OK. If you can't pass traffic, check your "nat 0" and "access-list" commands. You have to tell the PIX not to NAT any of the traffic that is to go over a PPTP tunnel, so you need something like this:

access-list 101 permit ip

nat (inside) 0 access-list 101

Check you have the "sysopt" command also.
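An added example, not part of the original thread or of Cisco's configuration guide: a small Python check that reads a saved PIX 6.3 configuration and reports whether the three items from the reply above are in place (the "sysopt" command for PPTP, a "nat (inside) 0 access-list" statement, and an ACL entry whose destination covers the PPTP address pool). The sample configuration, pool name and addresses are constructed, and only the "permit ip net mask net mask" ACL form is handled.

```python
import ipaddress
import re

# Constructed sample PIX 6.3 configuration; every name and address is made up.
SAMPLE_CONFIG = """\
access-list 101 permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
ip local pool pptp-pool 192.168.1.1-192.168.1.50
nat (inside) 0 access-list 101
sysopt connection permit-pptp
vpdn group 1 client configuration address local pptp-pool
"""

ACL_RE = r"access-list (\S+) permit ip ([\d.]+) ([\d.]+) ([\d.]+) ([\d.]+)"

def check_pptp_nat_exemption(config):
    """Return a list of findings; an empty list means every check passed."""
    lines = [line.strip() for line in config.splitlines()]
    findings = []
    if "sysopt connection permit-pptp" not in lines:
        findings.append("missing 'sysopt connection permit-pptp'")
    pools = {}        # pool name -> (first address, last address)
    acls = {}         # ACL id -> destination networks of its 'permit ip' entries
    nat0_acls = []    # ACL ids referenced by 'nat (inside) 0 access-list'
    vpdn_pools = []   # pool names handed out to PPTP clients
    for line in lines:
        if m := re.fullmatch(r"ip local pool (\S+) ([\d.]+)-([\d.]+)", line):
            pools[m[1]] = (ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3]))
        elif m := re.fullmatch(ACL_RE, line):
            dest = ipaddress.ip_network(f"{m[4]}/{m[5]}", strict=False)
            acls.setdefault(m[1], []).append(dest)
        elif m := re.fullmatch(r"nat \(inside\) 0 access-list (\S+)", line):
            nat0_acls.append(m[1])
        elif m := re.fullmatch(
                r"vpdn group \S+ client configuration address local (\S+)", line):
            vpdn_pools.append(m[1])
    if not nat0_acls:
        findings.append("no 'nat (inside) 0 access-list' statement")
    # Destination networks that are exempt from NAT for inside-originated traffic.
    exempt = [net for acl in nat0_acls for net in acls.get(acl, [])]
    for name in vpdn_pools:
        if name not in pools:
            findings.append(f"pool '{name}' is not defined")
        elif not any(pools[name][0] in n and pools[name][1] in n for n in exempt):
            findings.append(f"pool '{name}' is not covered by the nat 0 ACL")
    return findings

if __name__ == "__main__":
    print(check_pptp_nat_exemption(SAMPLE_CONFIG) or "all checks passed")
```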

THANK YOU!!!

I'm so glad to finally receive any suggestions! I will try to implement your ideas and will reply as soon as I have more info. Here is our current PIX config in the attachment. All identifying names or IP addresses have been x'ed out but you will get the idea...

Again thank you!

It looks like the suggestions that you mentioned were already in the PIX config that I am having trouble with. I did go in and try to work with the nat 0 and matching ACL, but to no avail. I still get a good VPN connection to the PIX, which authenticates my user/password with RADIUS to a W2K server, but then cannot access anything on the network.

I did notice that the IP address that I receive for my VPN client is from the ip local pool OK, but I get a 255.255.255.255 netmask and am wondering if that is the problem, since everything on our inside network is on different 255.255.255.0 subnets. I cannot find a way to make sure the VPN client receives an address from the ip local pool AND a 255.255.255.0 subnet mask...