PIX 506E VPN Wizard PPTP Configuration - Connect but no traffic
Posted on 2004-04-19
I have a PIX 506E running software 6.3(3), with a pretty vanilla configuration. I am trying to allow Windows clients PPTP access to the inside network.
I have 192.168.1.0/C as my inside network, single public IP as my outside network running NAT.
I configured 192.168.2.0/C as my PPTP pool, set up using the VPN Wizard in PDM (also tried this manually but no help).
I created users and can connect and get an IP address, but cannot ping or otherwise exchange traffic with the inside network.
What's wrong? Do I need to create a special access rule? If so, what sort, and why didn't Mr. Wizard do this for me?
Relevant portions of configuration after "wizarding" it:
PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
access-list inside_outbound_nat0_acl permit ip any 192.168.2.0 255.255.255.128
mtu inside 1500
ip address outside 64.X.X.1 255.255.255.192
ip address inside 192.168.1.1 255.255.255.0
ip local pool pptp_pool 192.168.2.1-192.168.2.100
global (outside) 10 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 0 192.168.2.0 255.255.255.0 0 0
nat (inside) 10 0.0.0.0 0.0.0.0 0 0
vpdn group PPTP-VPDN-GROUP accept dialin pptp
vpdn group PPTP-VPDN-GROUP ppp authentication mschap
vpdn group PPTP-VPDN-GROUP ppp encryption mppe 40 required
vpdn group PPTP-VPDN-GROUP client configuration address local pptp_pool
vpdn group PPTP-VPDN-GROUP pptp echo 60
vpdn group PPTP-VPDN-GROUP client authentication local
vpdn username testuser password *********
vpdn enable outside
dhcpd address 192.168.1.2-192.168.1.100 inside