Problems with PIX VPN
Posted on 2004-10-17
I'm having some difficulties when trying to connect VPN remote users to a PIX 501.
I use the Cisco VPN client to connect to the 501. Everything works fine, the clients connect and can work perfectly, no problem so far. Now I need to solve a problem I find when connecting to specific servers, I explain:
Let's say I have an internal LAN with 192.168.1.0/24 (192.168.1.254 for the PIX). I have a pool selected in the PIX for the VPN clients which is 10.0.0.10-10.0.0.20. When clients connect, they communicate with any server in the internal LAN, as long as the server has its default gateway pointing to the PIX (192.168.1.254). The problem is I have several servers that need to use another default gateway (WAN), and with these, the VPN clients cannot communicate, because the servers' replies don't go back through the PIX.
Then I thought: if I choose a pool like for example 192.168.1.10-192.168.1.20 for the VPN clients it should work. Well, it doesn't. Am I missing something? Shouldn't it work with the second pool? Actually, I know it can work because it used to work before the PIX with an ISA server instead of it.
I know that placing static routes to the first pool in every server would solve the problem; I'm trying to avoid this solution, because as I said, it worked with the ISA server, so I'm almost sure it has to work with the PIX, right?
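The routing decision behind the problem described in the post, as an added illustration that is not part of the original post or of any PIX configuration: a server's reply is forwarded by longest-prefix match, so with the 10.0.0.x pool the reply follows the server's default gateway, while with a pool inside 192.168.1.0/24 the reply is delivered on-link and only reaches the PIX if the PIX answers ARP for the pool address. The WAN gateway address 192.168.1.1 and the routing tables are constructed assumptions.

```python
import ipaddress

# Constructed values modelled on the post's scenario; not taken from any real device.
PIX_INSIDE = "192.168.1.254"   # PIX inside interface, from the post
WAN_GW = "192.168.1.1"         # assumed address of the servers' other default gateway
LAN = ipaddress.ip_network("192.168.1.0/24")


def server_table(default_gw):
    """Routing table of a LAN server: connected subnet plus one default route."""
    return [
        (LAN, None),                                   # connected: deliver on-link via ARP
        (ipaddress.ip_network("0.0.0.0/0"), default_gw),
    ]


def next_hop(table, dst):
    """Longest-prefix match; returns None for on-link delivery, else the gateway."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, gw in table:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    if best is None:
        raise ValueError(f"no route to {dst}")
    return best[1]


def classify_reply(server_default_gw, client_ip):
    """Where a server's reply to a VPN client goes: via-pix, via-wan or on-link."""
    hop = next_hop(server_table(server_default_gw), client_ip)
    if hop is None:
        # Reply is ARPed for on the LAN; it reaches the PIX only if the PIX
        # answers ARP for the pool address (proxy ARP), which the post does not confirm.
        return "on-link"
    return "via-pix" if hop == PIX_INSIDE else "via-wan"


if __name__ == "__main__":
    for gw in (PIX_INSIDE, WAN_GW):
        for client in ("10.0.0.12", "192.168.1.12"):
            print(f"server gw {gw:15} client {client:13} -> {classify_reply(gw, client)}")
```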