Persistent Route in Windows Vista

Hi

I have a VPN tunnel connected between two Cisco PIX 501s, one at home and one in the office.  In order to access servers from home I've added persistent routes on the server back to my 192 network and this works fine.  From home I can ping the server and from the server I can ping the inside of my home PIX.

The problem I am having is that from my work Vista machine I cannot connect to my home 192 network at all.  I have added a persistent route to the routing table and it shows in route print.  I have disabled IPv6 and deleted any persistent IPv6 routes.  To try and troubleshoot the problem I ran a Wireshark trace from my work machine when pinging 192.168.0.1.  My machine ARPs for the gateway for the 192 route and finds the inside interface of the office PIX but no response to the ping is received.

This route add works fine on any XP machine and I can successfully ping the 192 network.

Any ideas?

Thanks

Cammy
 
builditianAuthor Commented:
It is related in that I've discovered why my machine wouldn't talk through the vpn.  Essentially, I've answered this question myself by asking the second one.
 
dano2112Commented:

Hi Cammy...

Your post is a little bit confusing.  Generally, when you build a site-to-site tunnel between two PIX firewalls, you specify that traffic flow between the two internal LANs is protected traffic that should travel down the VPN tunnel.  In all of my experiences with PIX site-to-site tunnels, I've never had to manually specify routes on my hosts in order to have traffic pass down the tunnel.  This is generally all handled by the match acl in your cryptomap and in the no-nat match.

Are you able to post the configs for both firewalls?

 
builditianAuthor Commented:
Hi

The 501 firewall on the office side is not the default gateway for any office PC.  We have multiple PIXes.  If I didn't add a route on the PC to tell it where the gateway was for the 192 network, how would it know?  I'm relatively new to this so excuse my ignorance.

Cammy
 
dano2112Commented:

Oh, okay, in that case, if the PIX for the VPN tunnel is not the default gateway for the office PC's, then yes, you would need to tell those PCs somehow about the other network.  Either by creating the static routes at the PC level like you've been doing, or by sending the traffic to a router that knows about the other networks.

 
builditianAuthor Commented:
Thanks.  This takes me back to my original point about persistent routes in Windows Vista and how I can't get it to work.
 
lrmooreCommented:
I assume that this question is related
http://www.experts-exchange.com/Security/Software_Firewalls/Enterprise_Firewalls/Cisco_PIX_Firewall/Q_24440873.html

Is the Vista machine on a different IP range? That range may not be configured properly in one or both PIX's for the VPN tunnel definition or for routing purposes.
If you have multiple PIX's/Firewalls then you should have a layer 3 switch making the routing decisions not the individual PC's.
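The two checks raised in the replies above (does the host route the 192 network to the VPN PIX, and is the host's source range covered by the tunnel definition), modelled as an added example that is not part of the original thread. Every address except 192.168.0.1 is constructed for illustration, including the /24 mask on the home network, the office ranges and both gateway addresses.

```python
import ipaddress

net = ipaddress.ip_network

# Constructed addressing (assumptions; the thread only gives 192.168.0.1).
HOME_NET = net("192.168.0.0/24")      # home LAN behind the home PIX
OFFICE_LAN = net("10.1.0.0/16")       # hypothetical on-link office segment
DEFAULT_GW = "10.1.0.1"               # hypothetical default gateway (a different PIX)
VPN_PIX = "10.1.1.254"                # hypothetical inside address of the office PIX 501

# Host routing tables as (destination network, gateway) pairs.
BASE = [(net("0.0.0.0/0"), DEFAULT_GW), (OFFICE_LAN, "on-link")]
WITH_STATIC = BASE + [(HOME_NET, VPN_PIX)]   # the persistent route added on the host

# Tunnel definition: (source net, destination net) pairs the PIX treats as
# protected traffic. Here only 10.1.1.0/24 is covered (hypothetical).
SELECTORS = [(net("10.1.1.0/24"), HOME_NET)]


def next_hop(routes, dst):
    """Longest-prefix match, the rule a host routing table applies."""
    dst = ipaddress.ip_address(dst)
    matches = [(n, gw) for n, gw in routes if dst in n]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def is_protected(selectors, src, dst):
    """True if (src, dst) falls inside one of the tunnel's selector pairs."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(src in s and dst in d for s, d in selectors)


def diagnose(routes, selectors, src, dst):
    """Return (verdict, next hop) for a packet from src to dst."""
    hop = next_hop(routes, dst)
    if hop != VPN_PIX:
        return ("wrong-next-hop", hop)             # never reaches the VPN PIX
    if not is_protected(selectors, src, dst):
        return ("not-in-tunnel-definition", hop)   # reaches the PIX, not tunnelled
    return ("ok", hop)


if __name__ == "__main__":
    cases = [("server with static route", WITH_STATIC, "10.1.1.10"),
             ("PC without static route", BASE, "10.1.1.20"),
             ("PC in an uncovered range", WITH_STATIC, "10.1.2.50")]
    for label, routes, src in cases:
        print(label, diagnose(routes, SELECTORS, src, "192.168.0.1"))
```

The third case gives the same view from the host as the trace in the question: the gateway resolves by ARP because it is on-link, yet no reply returns because the source address is outside the tunnel definition.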