Re: Setup Remote VPN on PIX 501

---

• From: roberson@xxxxxxxxxxxx (Walter Roberson)
• Date: Thu, 23 Mar 2006 15:48:49 GMT

---

In article <1143126551.698668.141300@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
<tom.weber@xxxxxxxxx> wrote:

I'm trying to configure a remote VPN where clients can connect using
the VPN client and have access to the internal network. I'm new to the
PIX, and seem to be having some trouble.

All configuration is done through the PDM.

I used the Wizard to create the vpn server.

Internal Network 192.168.1.0/24
VPN IP Pool 10.10.10.1 - 10.10.10.11

And for the exemtion I just clicked finish, so they will have access to
the internal network.

The client can authenticate with the VPN server, and be assigned an ip
address, however cannot ping or access any internal clients, nor ping
the 192.168.1.1 internal interface on the PIX. Where am I going wrong?

The text version of your configuration (with passwords scrubbed)
would help.

I am not going to try to guess what the PDM might or might not have
done on your behalf -- too many different screens and you would
have to describe each configuration step and each drop-box selection
and so on for me to be able to replicate what you ended up with.
The text configuration is *much* easier to answer questions about.

My -guess- is that the PDM didn't happen to turn on
sysopt connection permit-ipsec
but I don't have enough information to be sure.

The client can authenticate with the VPN server, and be assigned an ip
address, however cannot ping or access any internal clients, nor ping
the 192.168.1.1 internal interface on the PIX. Where am I going wrong?

For your purposes you should assume that the VPN clients will
never be able to ping the PIX inside interface IP. [If you *really*
needed them to be able to do that, it would be possible to configure,
but it's a relatively advanced configuration and seldom worth the
bother.]
.

---

• Follow-Ups:
  • Re: Setup Remote VPN on PIX 501
    • From: tom . weber

• References:
  • Setup Remote VPN on PIX 501
    • From: tom . weber

• Prev by Date: Re: Moving Config from PIX 515 to 515e
• Next by Date: Re: 2 PIX Same COnfig, though 1 not connected to 'real' outside? Does not work?
• Previous by thread: Setup Remote VPN on PIX 501
• Next by thread: Re: Setup Remote VPN on PIX 501
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: PIX501 NAT Problem ... The NAT configuration looks fine at the first glance. ... You cannot ping beacuse these are ICMP messages and the reply has nothing to ... > I used several basic configurations for NAT for the PIX 501. ... > fixup protocol http 80 ... (comp.security.firewalls) Re: Issue with Cisco VPN after adding second NIC to server... ... External: 192.168.0.2 (connected to inside interface on PIX), ... I can connect with the VPN client, but I can't ping the external NIC ... However, when on the server, I ... (microsoft.public.windows.server.sbs) Re: PIX 501 - problem ... > Once the IPs are repaired, then in the configuration you have now, ... > no-one would be able to ping any of your inside hosts. ... it isn't just ICMP Echo packets that the PIX will ... > Redirects and other ICMP you don't really want through. ... (comp.dcom.sys.cisco) Re: PIX Version 6.1(4) ... Yahoo Messenger and VPN client to connect to my other ... If your PIX is at 6.1then it has been that way for several ... Please post your configuration (with passwords removed and ... (comp.dcom.sys.cisco) Re: PIX VPN Client connects but not traffic passes through ... VPN client; can't even ping the private address on the PIX. ... (comp.dcom.sys.cisco)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

newsgroups.derkeiler.com  > Archive  > Comp  > comp.dcom.sys.cisco  > 2006-03