11-26-2007 01:53 PM - edited 02-21-2020 03:24 PM
I have a Cisco PIX with a site-to-site vpn and also client-to-site vpn. I can authenticate to the vpn and connect, however, I cannot access a pc on the internal network via Remote desktop. I have attached my config. Can someone tell me if I am missing something?
Config attached:
Thanks,
GDA
11-26-2007 01:57 PM
11-26-2007 04:37 PM
Hello.
I would suggest you're not performing a no NAT (NAT 0) for traffic from the 192.168.50.x network to the 192.168.50.x networks.
Add the following and see how that goes....
access-list nonat permit ip 192.168.50.0 255.255.255.0 192.168.50.0 255.255.255.0
You may wish to add it with the correct subnets and mask for the internal and IPSEC client vpn ranges.
Tim
11-27-2007 10:22 AM
I think I already have the access-list nonat permit ip 192.168.50.0 255.255.255.0 192.168.51.0 255.255.255.0. Should I just remove the command: nat (inside) 0 access-list nonat?
Thanks,
GDA
12-02-2007 10:05 PM
No.
Your current acl is for the 50.0 to the 51.0 networks.
You have indicated you're trying to get to an internal host, which I presume is on the 50.x subnet.
Your IP pool for IPSEC clients is also 50.x, hence your nat statement does not match.
Tim
12-03-2007 01:38 AM
Or you could just change your IP pool Pool1 range to 192.168.51.200-192.168.51.254 so it matches your ruleset, and see how that goes.
HTH
Kev
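Added example, not part of the thread and not the poster's config: a small Python check for the mismatch discussed above, reporting any VPN client pool whose range is not covered by a destination in the ACL bound to `nat (inside) 0`. The sample config is constructed (the attachment is not on the page); the 192.168.50.200-192.168.50.254 pool range and the function names are assumptions.

```python
import ipaddress
import re

# Constructed sample: pool in 50.x, NAT exemption only for 50.0 -> 51.0.
SAMPLE = """\
ip local pool Pool1 192.168.50.200-192.168.50.254
access-list nonat permit ip 192.168.50.0 255.255.255.0 192.168.51.0 255.255.255.0
nat (inside) 0 access-list nonat
"""

POOL_RE = re.compile(r"^ip local pool (\S+) (\S+)-(\S+)")
NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)")
# Handles only the "permit ip <net> <mask> <net> <mask>" form used in the thread;
# "host" and "any" entries are ignored by this sketch.
ACL_RE = re.compile(r"^access-list (\S+) permit ip (\S+) (\S+) (\S+) (\S+)")


def parse(config):
    """Return (pools, nat0_acl_names, acl_destinations) from PIX config text."""
    pools, nat0, acls = {}, set(), {}
    for line in config.splitlines():
        line = line.strip()
        if m := POOL_RE.match(line):
            pools[m[1]] = (ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3]))
        elif m := NAT0_RE.match(line):
            nat0.add(m[2])
        elif m := ACL_RE.match(line):
            dst = ipaddress.ip_network(f"{m[4]}/{m[5]}", strict=False)
            acls.setdefault(m[1], []).append(dst)
    return pools, nat0, acls


def uncovered_pools(config):
    """Names of client pools that no NAT 0 ACL destination fully covers."""
    pools, nat0, acls = parse(config)
    exempt = [dst for name in nat0 for dst in acls.get(name, [])]
    return sorted(
        name for name, (first, last) in pools.items()
        if not any(first in net and last in net for net in exempt)
    )


if __name__ == "__main__":
    print(uncovered_pools(SAMPLE))
```

Both suggestions in the thread clear the finding: adding the 50.0-to-50.0 `nonat` entry, or moving Pool1 into 192.168.51.200-192.168.51.254.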