Connecting to branch Office Resources through Cisco VPN Client and site to site VPN

Asked by aghuggins22 in Cisco PIX Firewall

Tags: Cisco, PIX, PIX Version 6.3(5), Cisco Pix Client VPN Mult-Site VPN

Hello Experts:

I need to access a branch office while connected to Corporate Office via Cisco VPN Client.  Here is the Network Setup:

Corporate Office: 192.168.30.x (Cisco PIX 501)
Branch Office: 192.168.10.x (Cisco PIX 501)

Corporate Cisco VPN Address Pool: 192.168.40.x (I receive an IP Address from this pool when connected remotely via VPN Client)

The Corporate and Branch Offices are connected via Cisco Site to Site VPN.  If I am working from home and connect to the Corporate Office through the Cisco VPN Client, I cannot ping or access the branch office (192.168.10.x).

What do I need to do so that when I VPN to the Corporate Office, I can fully access the Branch Office?
I am attaching the Running Config of the PIX at the Corporate Office.
Thank you!
PIX Version 6.3(5)
interface ethernet0 10baset
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 88X7j6pCKur1MqeX encrypted
passwd 1cTVG04zDzkJrKn0 encrypted
hostname company-NEW-CASTLE
domain-name company.com
clock timezone CST -6
clock summer-time CDT recurring
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name 192.168.30.66 Andy
name 192.168.30.198 Adam
name 75.145.35.21 Husky
name 192.168.30.202 HUskyInside
access-list no_nat permit ip any 192.168.40.0 255.255.255.0 
access-list no_nat permit ip 192.168.30.0 255.255.255.0 192.168.10.0 255.255.255.0 
access-list 100 permit ip 192.168.30.0 255.255.255.0 192.168.10.0 255.255.255.0 
access-list split_tunnel permit ip 192.168.30.0 255.255.255.0 192.168.40.0 255.255.255.0 
access-list acl_in permit icmp any any 
access-list acl_in permit tcp any any eq domain 
access-list acl_in permit udp any any eq domain 
access-list acl_in permit tcp any host 75.145.35.18 eq www 
access-list acl_in permit tcp any host 75.145.35.18 eq smtp 
access-list acl_in permit tcp any host 75.145.35.18 eq pop3 
access-list acl_in permit tcp any host 75.145.35.18 eq https 
access-list acl_in permit udp any host 75.145.35.18 eq www 
access-list acl_in permit tcp any host 75.145.35.18 eq 555 
access-list acl_in permit udp any host 75.145.35.18 eq 555 
access-list acl_in permit tcp any host 75.145.35.19 eq 3389 
access-list acl_in permit tcp any host 75.145.35.20 eq 3389 
access-list acl_in permit tcp any host Husky 
access-list company_NC_splitTunnelAcl permit ip 192.168.30.0 255.255.255.0 any 
access-list company_NC_splitTunnelAcl permit ip 192.168.10.0 255.255.255.0 any 
no pager
icmp permit any outside
icmp permit any inside
mtu outside 1500
mtu inside 1500
ip address outside 75.145.35.17 255.255.255.248
ip address inside 192.168.30.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool VPN_CLIENT 192.168.40.1-192.168.40.254
pdm location 0.0.0.0 0.0.0.0 outside
pdm location 192.168.1.0 255.255.255.0 inside
pdm location 192.168.40.0 255.255.255.0 inside
pdm location 68.152.44.17 255.255.255.255 outside
pdm location 192.168.40.0 255.255.255.0 outside
pdm location 192.168.30.0 255.255.255.0 inside
pdm location 192.168.10.0 255.255.255.0 outside
pdm location 192.168.30.10 255.255.255.255 inside
pdm location Andy 255.255.255.255 inside
pdm location 75.145.35.19 255.255.255.255 outside
pdm location Adam 255.255.255.255 inside
pdm location 75.145.35.20 255.255.255.255 outside
pdm location Husky 255.255.255.255 outside
pdm location HUskyInside 255.255.255.255 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list no_nat
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 75.145.35.18 192.168.30.10 netmask 255.255.255.255 0 0 
static (inside,outside) 75.145.35.19 Andy netmask 255.255.255.255 0 0 
static (inside,outside) 75.145.35.20 Adam netmask 255.255.255.255 0 0 
static (inside,outside) Husky HUskyInside netmask 255.255.255.255 0 0 
access-group acl_in in interface outside
route outside 0.0.0.0 0.0.0.0 75.145.35.22 1
timeout xlate 1:01:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+ 
aaa-server TACACS+ max-failed-attempts 3 
aaa-server TACACS+ deadtime 10 
aaa-server RADIUS protocol radius 
aaa-server RADIUS max-failed-attempts 3 
aaa-server RADIUS deadtime 10 
aaa-server LOCAL protocol local 
ntp server 68.152.44.1 source outside prefer
http server enable
http 0.0.0.0 0.0.0.0 outside
http 192.168.1.0 255.255.255.0 inside
http 192.168.30.0 255.255.255.0 inside
http 192.168.40.0 255.255.255.0 inside
snmp-server host outside 68.152.44.17 poll
snmp-server location company_NEW_CASTLE
snmp-server contact Rob
snmp-server community company
no snmp-server enable traps
tftp-server inside Andy \
floodguard enable
sysopt connection permit-ipsec
sysopt noproxyarp inside
crypto ipsec transform-set company esp-3des esp-md5-hmac 
crypto dynamic-map dynmap 20 set transform-set company
crypto map company 10 ipsec-isakmp
crypto map company 10 match address 100
crypto map company 10 set peer 68.152.46.54
crypto map company 10 set transform-set company
crypto map company 20 ipsec-isakmp dynamic dynmap
crypto map company interface outside
isakmp enable outside
isakmp key ******** address 68.152.46.54 netmask 255.255.255.255 no-xauth no-config-mode 
isakmp identity address
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup company_NC address-pool VPN_CLIENT
vpngroup company_NC dns-server 192.168.30.11 192.168.30.10
vpngroup company_NC wins-server 192.168.30.11 192.168.30.10
vpngroup company_NC default-domain companydomain.com
vpngroup company_NC split-tunnel company_NC_splitTunnelAcl
vpngroup company_NC idle-time 1800
vpngroup company_NC password ********
telnet 0.0.0.0 0.0.0.0 outside
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh 192.168.30.0 255.255.255.0 inside
ssh 192.168.40.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
vpdn group MVPN accept dialin pptp
vpdn group MVPN ppp authentication pap
vpdn group MVPN ppp authentication chap
vpdn group MVPN ppp authentication mschap
vpdn group MVPN client configuration address local VPN_CLIENT
vpdn group MVPN client configuration dns 192.168.30.10 192.168.30.10
vpdn group MVPN client configuration wins 192.168.30.11 192.168.30.11
vpdn group MVPN pptp echo 300
vpdn group MVPN client authentication local
dhcpd address 192.168.30.20-192.168.30.61 inside
dhcpd dns 192.168.30.11 192.168.30.10
dhcpd wins 192.168.30.11 192.168.30.10
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd domain companydomain.com
dhcpd auto_config outside
dhcpd enable inside
terminal width 80
Cryptochecksum:3c0155a83b1dd3b640a4af3cef9c0ab4
: end
[OK]
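The accepted solution is not visible on this page, so the following is an added check of my own, not the expert's answer and not a Cisco tool. It audits the three ACLs in the posted config that decide whether a VPN client in the 192.168.40.0/24 pool can be carried to the branch 192.168.10.0/24 through the corporate PIX: the NAT-0 exemption list, the interesting-traffic ACL bound to crypto map entry 10, and the split-tunnel list. The config text is a constructed excerpt of the lines quoted above.

```python
from ipaddress import ip_network

# Constructed excerpt of the PIX 6.3(5) config posted above (NAT-0, crypto and split-tunnel ACLs).
PIX_CONFIG = """\
access-list no_nat permit ip any 192.168.40.0 255.255.255.0
access-list no_nat permit ip 192.168.30.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list 100 permit ip 192.168.30.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list company_NC_splitTunnelAcl permit ip 192.168.30.0 255.255.255.0 any
access-list company_NC_splitTunnelAcl permit ip 192.168.10.0 255.255.255.0 any
nat (inside) 0 access-list no_nat
crypto map company 10 match address 100
vpngroup company_NC split-tunnel company_NC_splitTunnelAcl
"""
ANY = ip_network("0.0.0.0/0")

def parse_ace(tok):
    """(acl_name, src, dst) for a tokenized 'permit ip' ACE, else None."""
    if len(tok) < 5 or tok[:1] + tok[2:4] != ["access-list", "permit", "ip"]:
        return None
    nets, i = [], 4
    while len(nets) < 2:  # PIX address forms: any | host A | A MASK
        if tok[i] == "any":
            nets.append(ANY); i += 1
        elif tok[i] == "host":
            nets.append(ip_network(tok[i + 1] + "/32")); i += 2
        else:
            nets.append(ip_network(f"{tok[i]}/{tok[i + 1]}")); i += 2
    return tok[1], nets[0], nets[1]

def permits(aces, src, dst):
    """True if one ACE covers the whole src -> dst flow."""
    return any(src.subnet_of(s) and dst.subnet_of(d) for s, d in aces)

def audit(config, client_pool, branch):
    """Is client_pool -> branch described by the NAT-0, crypto and split ACLs?"""
    acls, ref = {}, {}
    for line in config.splitlines():
        tok, ace = line.split(), parse_ace(line.split())
        if ace:
            acls.setdefault(ace[0], []).append(ace[1:])
        elif tok[:2] == ["crypto", "map"] and "match" in tok:
            ref["crypto"] = tok[-1]          # ACL named by 'match address'
        elif tok[:3] == ["nat", "(inside)", "0"]:
            ref["nat0"] = tok[-1]            # NAT exemption ACL
        elif tok[:1] == ["vpngroup"] and "split-tunnel" in tok:
            ref["split"] = tok[-1]           # networks pushed to the client
    pool, br = ip_network(client_pool), ip_network(branch)
    return {"nat_exempt": permits(acls.get(ref.get("nat0"), []), pool, br),
            "crypto_match": permits(acls.get(ref.get("crypto"), []), pool, br),
            "split_tunnel": permits(acls.get(ref.get("split"), []), br, ANY)}
```

On this config the split-tunnel list already includes the branch, but neither `no_nat` nor ACL `100` describes 192.168.40.0/24 to 192.168.10.0/24, so that traffic is never classified for the branch tunnel. PIX 6.3 also does not forward traffic back out the interface it arrived on (the intra-interface permit only appeared in PIX 7.0), so extending those ACLs on the corporate PIX alone does not complete the path.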
04/20/08 07:48 PM, ID: 21398493, Author Comment
04/21/08 11:43 AM, ID: 21404728, Accepted Solution

About this solution

Zone: Cisco PIX Firewall
Solution Provided By: lrmoore
Participating Experts: 1
Solution Grade: A
04/23/08 02:39 PM, ID: 21425695, Author Comment