Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
345
Views
0
Helpful
4
Replies

VPN connects, No LAN access..

justin804
Level 1
Level 1

‎04-08-2005 08:52 AM - edited ‎02-21-2020 01:42 PM

We have a site, whose VPN clients

are connecting succesfully, but have no

access to our local resources.

When they check the statistics tab,

they can see that no key icon is present

next to our LAN address. This has happened

before and seems to be intermittent, but

I'd rather it not happen at all.

They are using an older VPN client.

But other sites using that same client

are trouble free.

If you have any insight, Id be greatly aprreciative.

Thanks.

Justin

Labels:
0 Helpful
4 Replies 4

mostiguy
Level 6
Level 6

‎04-08-2005 09:46 AM

Do you have nat traversal enabled on the device you are connecting to? It sounds like the isakmp (udp port 500) stuff is working in both directions, but not the actual ESP packets or the ESP encapsulated in UDP

0 Helpful

justin804
Level 1
Level 1
In response to mostiguy

‎04-08-2005 10:13 AM

yes that is enabled, its set to 20.

I should add that, the device were connecting

to is a PIX 515E.

0 Helpful

bhatok
Level 1
Level 1

‎04-08-2005 11:52 AM

They cannot access the local resources at their location or the resources at your location? If they can't access their local resources you need to have split-tunneling enabled. If they can't access your resources you may need to put an access list in the PIX config to allow access from the VPN user address pool to your local address.

For example if the VPN user's address pool is in the 172.16.1.0 subnet and your network is 192.168.0.0 subnet:

access-list 105 permit ip 192.168.0.0 255.255.240.0 172.16.1.0 255.255.255.0

Then you must apply this access list to the interface with:

nat (inside) 0 access-list 105

0 Helpful

NSPO-Admin
Level 1
Level 1

‎04-13-2005 08:54 AM

I experienced a similar problem. I could ping the network resources, but could not connect to them. On the servers you are trying to access, ensure you have enterred a static route to the VPN network address space. i.e. if your VPN network is 192.168.23.0 and your internal network is 192.168.22.0 make sure the servers holding the resources have a static map so they know how to communicate to the VPN network. If you enter the Route Add command in W2K, etc ensure you make it a persistent route so it is not lost in a reboot.

Hope that addresses your issue.

0 Helpful
Customers Also Viewed These Support Documents