04-08-2005 08:52 AM - edited 02-21-2020 01:42 PM
We have a site, whose VPN clients
are connecting succesfully, but have no
access to our local resources.
When they check the statistics tab,
they can see that no key icon is present
next to our LAN address. This has happened
before and seems to be intermittent, but
I'd rather it not happen at all.
They are using an older VPN client.
But other sites using that same client
are trouble free.
If you have any insight, Id be greatly aprreciative.
Thanks.
Justin
04-08-2005 09:46 AM
Do you have nat traversal enabled on the device you are connecting to? It sounds like the isakmp (udp port 500) stuff is working in both directions, but not the actual ESP packets or the ESP encapsulated in UDP
04-08-2005 10:13 AM
yes that is enabled, its set to 20.
I should add that, the device were connecting
to is a PIX 515E.
04-08-2005 11:52 AM
They cannot access the local resources at their location or the resources at your location? If they can't access their local resources you need to have split-tunneling enabled. If they can't access your resources you may need to put an access list in the PIX config to allow access from the VPN user address pool to your local address.
For example if the VPN user's address pool is in the 172.16.1.0 subnet and your network is 192.168.0.0 subnet:
access-list 105 permit ip 192.168.0.0 255.255.240.0 172.16.1.0 255.255.255.0
Then you must apply this access list to the interface with:
nat (inside) 0 access-list 105
04-13-2005 08:54 AM
I experienced a similar problem. I could ping the network resources, but could not connect to them. On the servers you are trying to access, ensure you have enterred a static route to the VPN network address space. i.e. if your VPN network is 192.168.23.0 and your internal network is 192.168.22.0 make sure the servers holding the resources have a static map so they know how to communicate to the VPN network. If you enter the Route Add command in W2K, etc ensure you make it a persistent route so it is not lost in a reboot.
Hope that addresses your issue.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide