Solved

VPN issue accessing internal LAN with SBS 2003 with 2 NIC and PIX 501.

Posted on 2005-04-26
Last Modified: 2013-11-16
Hi,

I have an SBS 2003 server with 2 NICs.

Nic 1 - Internal Lan
IP 192.168.200.2

Nic 2 - External Lan
IP 192.168.100.2

The PIX is connected to the external LAN.

The PIX has been configured for VPN access using the Cisco VPN client. I can connect to the PIX OK and I can access the server using the external IP, but I cannot see anything on the internal LAN.

My question is: can I access the internal LAN from the PIX, and if so, how? From the PIX I cannot ping anything on the internal LAN, which may be a routing issue. I know the PIX can't route, so do I need a router somewhere?

Thanks in advance for any help and suggestions.
Question by:pskemp
15 Comments
 
LVL 19

Expert Comment

by:nodisco
ID: 13865951
The PIX can "route" to internal subnets, per se.

If you add a route management statement in your pix from global config mode using the external lan ip address as the gateway for same - you should be able to access the internal lan from the pix.

Have a look at this link for a simple view of same:

http://www.netcraftsmen.net/welcher/papers/pix01.html
0
 
LVL 32

Expert Comment

by:harbor235
ID: 13866834
Can you post your config?

harbor235
0
 
LVL 5

Expert Comment

by:pazmanpro
ID: 13867266
Did you disable the firewall on the SBS? Ensure that Routing and Remote access is configured as well on the SBS to act as a router.

You will also need to add routes on the PIX to get to the Internal network behind the SBS.
0
 
LVL 1

Author Comment

by:pskemp
ID: 13867497
Thanks for everyone's input. I will be back on site tomorrow, so I will try nodisco's and pazmanpro's suggestion of adding a route, although I believe I did try that already, something like

route 192.168.200.0 255.255.255.0 192.168.100.201.

The PIX internal ip is 192.168.100.201.

I will also try the Routing and Remote Access recommendation as well.

Will hopefully post back tomorrow.
0
 
LVL 19

Expert Comment

by:nodisco
ID: 13869613
pskemp

the route should read:
route 192.168.200.0 255.255.255.0 192.168.100.2

You are routing to the internal LAN via the external card's IP address.

good luck
0
 
LVL 19

Expert Comment

by:nodisco
ID: 13874242
Just to avoid confusion - the route above should be added to the PIX - what is the default gateway of the internal card?  
0
 
LVL 1

Author Comment

by:pskemp
ID: 13889151
Ok,

Tried adding the route, still no joy.

As it stands I can ping from a client on the 192.168.200 network to the PIX, but the PIX cannot ping anything on the 192.168.200 network.

The default GW on the NIC labelled external is the PIX. The NIC labelled internal has no GW.

The route on the PIX is as follows:-

outside 0.0.0.0 0.0.0.0 <public IP> 1 DHCP static
inside 192.168.100.0 255.255.255.0 192.168.100.201 1 CONNECT static
inside 192.168.200.0 255.255.255.0 192.168.100.201 1 OTHER static
outside <public IP> 255.255.255.255 <public IP> 1 CONNECT static

The SBS has routing and remote access configured as a router and RAS server. I have turned off the firewall on the server.

The routing table on the server is


IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0d 56 d2 af e4 ...... Intel(R) PRO/1000 MT Network Connection - Packet Scheduler Miniport
0x3 ...00 04 23 9a fe bf ...... Intel(R) PRO/1000 MT Server Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0  192.168.100.201    192.168.100.2      1
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
    192.168.100.0    255.255.255.0    192.168.100.2    192.168.100.2     20
    192.168.100.2  255.255.255.255        127.0.0.1        127.0.0.1     20
  192.168.100.255  255.255.255.255    192.168.100.2    192.168.100.2     20
    192.168.200.0    255.255.255.0    192.168.200.2    192.168.200.2     20
    192.168.200.2  255.255.255.255        127.0.0.1        127.0.0.1     20
  192.168.200.255  255.255.255.255    192.168.200.2    192.168.200.2     20
        224.0.0.0        240.0.0.0    192.168.100.2    192.168.100.2     20
        224.0.0.0        240.0.0.0    192.168.200.2    192.168.200.2     20
  255.255.255.255  255.255.255.255    192.168.100.2    192.168.100.2      1
  255.255.255.255  255.255.255.255    192.168.200.2    192.168.200.2      1
Default Gateway:   192.168.100.201
===========================================================================
Persistent Routes:
  None

Any ideas appreciated.

Paul.
0
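The routing table posted in the comment above can be sanity-checked mechanically. The following is an added example, not part of the original thread: it parses the two inside-interface lines as posted and flags a manually added (OTHER) route whose next hop is the firewall's own interface address or is not on a connected network. It assumes, from the posted table, that the gateway column of a CONNECT line is the interface's own IP; the function names are hypothetical.

```python
import ipaddress

# Inside-interface route lines exactly as posted in the comment above.
POSTED = """\
inside 192.168.100.0 255.255.255.0 192.168.100.201 1 CONNECT static
inside 192.168.200.0 255.255.255.0 192.168.100.201 1 OTHER static
"""

# Same table with the next hop given in the earlier reply (192.168.100.2).
SUGGESTED = POSTED.replace(
    "192.168.200.0 255.255.255.0 192.168.100.201",
    "192.168.200.0 255.255.255.0 192.168.100.2")

def parse(text):
    """Turn 'ifname network mask gateway metric type static' lines into dicts."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6:
            continue
        routes.append({
            "if": f[0],
            "net": ipaddress.ip_network(f"{f[1]}/{f[2]}"),
            "gw": ipaddress.ip_address(f[3]),
            "kind": f[5],
        })
    return routes

def check_static_routes(text):
    """Return (network, problem) pairs for manually added routes."""
    routes = parse(text)
    connected = [r for r in routes if r["kind"] == "CONNECT"]
    # Assumption: a CONNECT line's gateway column is the device's own address.
    local_ips = {r["gw"] for r in connected}
    findings = []
    for r in routes:
        if r["kind"] != "OTHER":
            continue
        if r["gw"] in local_ips:
            findings.append((str(r["net"]),
                             "next hop is this device's own interface address"))
        elif not any(c["if"] == r["if"] and r["gw"] in c["net"]
                     for c in connected):
            findings.append((str(r["net"]),
                             "next hop is not on a connected network"))
    return findings

if __name__ == "__main__":
    for label, table in (("posted", POSTED), ("suggested", SUGGESTED)):
        print(label, check_static_routes(table) or "no findings")
```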
 
LVL 5

Expert Comment

by:pazmanpro
ID: 13899318
Hmmm, it still seems like a firewall problem to me, where pings can go out through the SBS but not in. Double check the firewall settings in the SBS manager. Also check your nat settings on the SBS.
0
 
LVL 1

Author Comment

by:pskemp
ID: 14119494
Thanks all for the advice. Sorry it's been a long time coming back.

We have been moving offices. I will hopefully get back on to this this week and will come back with findings...

Cheers Paul.
0
 
LVL 1

Author Comment

by:pskemp
ID: 14597664
Ok back on to this again.

I added the route again using the correct gateway (the gateway should have been 192.168.100.1), and I can now ping the 192.168.200.1 interface from the PIX.

But I still can't connect using OWA or OMA.

If anyone has any ideas then they would be greatly appreciated.

I would say if I take it back to one NIC on the server it all works fine using the 192.168.100.0 network.

Cheers Paul.
0
 
LVL 1

Author Comment

by:pskemp
ID: 14597719
I've just run a web-based port scanner and it says that all my ports are closed, including 443. Used:

http://netsecurity.about.com/gi/dynamic/offsite.htm?zi=1/XJ&sdn=netsecurity&zu=http%3A%2F%2Fwww.firewalls.com%2Ffreescan.asp

Is this my problem or am I barking up the wrong tree?

Cheers Paul.
0
 
LVL 1

Author Comment

by:pskemp
ID: 15291529
How do I close this call? I defaulted the PIX and re-installed ISA 2004 and all started working, so solved it myself in the end.
0
 
LVL 19

Expert Comment

by:nodisco
ID: 15294089
pskemp

Open a thread in http://www.experts-exchange.com/Community_Support/
requesting to close this one.  Make sure to copy the hyperlink of this thread into the close request so they know which one you wish to close.

Glad you got it working
0
 
LVL 1

Author Comment

by:pskemp
ID: 15907708
No that's fine, sorry meant to close this.
0
 
LVL 1

Accepted Solution

by:
DarthMod earned 0 total points
ID: 15940252
PAQed with points (500) refunded

DarthMod
Community Support Moderator
0

Question has a verified solution.