Re: VPN with PIX 501

admin_2 · ‎11-09-2002

VPN with PIX firewall

This is the existing setup I have walked into, I did not set it up but need to fix it. Ok here we go, first their is a cisco pix 501 that handles the vpn, its' inside address is 192.168.2.1 and it's connected to a nic in the server with an ip of 192.168.2.2, their is another nic in the server (192.168.1.2) this nic connects to a switch where all of the pc's connect. All of the pc's get addresses in the 192.168.1.X range from the dhcp server. The problem is when I vpn in I can't get past the server. Is their any way I can setup a route from the 192.168.2.2 nic over to the 192.168.1.2 nic? I have a NAS that I need access to and it's on the 192.168.1.x network. Is this possible or should I change the inside address of the pix and plug it directly into the switch? Any help or suggestions would be appreciated. By the way the server is running Windows 2000 server, and the pix firewall is a 501 model.

edadios · ‎11-10-2002

Seems like your issue is with the microsoft server routing.

If the pix has a route inside 192.168.1.0 pointing to 192.168.2.2, and your vpn is allowed to reach 192.168.2.0 by the access-list and nat (inside) 0, then you have to fix your microsoft servers routing.

Otherwise you can also give the pix a 192.168.2.x address, and directly connect to the switch, still, you would need the correct access-list and nat(inside) 0 statements for the vpn.

Regards,

marwahs · ‎11-11-2002

You have to chex the box "enable IP-forwarding" or "enable IP-routing" in the properties for TCP/IP in the W2K server. Otherwise the server won´t route between the nic´s

Regards,

Report Inappropriate Content · ‎11-11-2002

Where exactly would I find this? Is it the tcp/ip settings for each individual nic itself or for win 2k? Thanks, in advance