• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 924
  • Last Modified:

Cisco PIX 506e + Cisco VPN Client 4.03

Following this:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080093f89.shtml

I was able to setup a VPN connection, however I am unable to browse the remote network.

Any ideas / help on how to troubleshoot this?
0
just1coder
Asked:
just1coder
  • 9
  • 6
1 Solution
 
lrmooreCommented:
Do you have internal DNS/WINS servers?
Are they properly identified in the vpngroup config?
Did you use a separate IP subnet for your clients than your local LAN?

Can you paste your config?

You can try adding a LMHOSTS file with domain controller identified...

0
 
just1coderAuthor Commented:
Sorry, I should have been more specific. I *can* browse to the remote LAN servers via IP address, but not hostname.

Is there a particular part of the config?

LMHOSTS ?
0
 
just1coderAuthor Commented:
The remote LAN has internal DNS - no WINS.

There is a seperate submet for the VPN clients.
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
lrmooreCommented:
Try adding a LMHOSTS file on your PC. You only need the two entries for the Domain Controller:

http://support.microsoft.com/kb/180094/EN-US/
0
 
just1coderAuthor Commented:
Great - thanks

Is there anything I can do to allow the VPN, as well as the normal traffic simultaneously?

Whenever I open the VPN it drops all of my other connections.
0
 
lrmooreCommented:
Use the split-tunnel acl and only define traffic from your local lan to the VPN client subnet

Example:

   access-list split_tunnel_acl permit ip <local lan> mask <client subnet> mask
  vpngroup split-tunnel split_tunnel_acl

0
 
just1coderAuthor Commented:
OK, looking good! But now when I have my connection established, and another user connects my connection is dropped.
0
 
lrmooreCommented:
That's not good...
How many IP addresses are there in your VPN address pool?
0
 
just1coderAuthor Commented:
Thanks for you help!! If I had more pts I would certianly assign them :)

For the IP pool, I used: 10.99.99.0 - 10.99.99.255

On another note, adding this to the config seems to have aced my existing PIX-to-PIX config :o

nat (inside) 0 access-list no_nat <-- that was changed to: nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0

coudl I have just added it as:
nat (inside) 2 access-list 101?

Thank goodness for backups.
0
 
lrmooreCommented:
I'd have to see your complete config, but I'll try to explain
<you can always buy points>

You need multiple entries in your nat 0 acl. Combine both the VPN clients and the remote site LAN-LAN vpn:

   access-list 101 permit ip <local subnet> mask <remote subnet> mask
   access-list 101 permit ip <local subnet> mask 10.99.99.0 255.255.255.0
   nat (inside) 0 access-list 101
                    ^^
                   This MUST be a zero
0
 
just1coderAuthor Commented:
I see. Thanks. I will give that a go.
0
 
just1coderAuthor Commented:
I went through the examples line for line and was able to get both working successfully, however I still have the problem where I can not have more than 1 user connected to the VPN at the same time.
0
 
lrmooreCommented:
Do you have nat-traversal enabled?

 isakmp nat-traversal 20  
0
 
just1coderAuthor Commented:
No - will try now.
0
 
just1coderAuthor Commented:
Excellent, thank you!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

  • 9
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now