Persistent Route in Windows Vista

Hi

I have a VPN tunnel connected between two Cisco PIX 501s, one at home and one in the office.  In order to access servers from home I've added persistent routes on the server back to my 192 network and this works fine.  From home I can ping the server and from the server I can ping the inside of my home PIX.

The problem I am having is that from my work Vista machine I cannot connect to my home 192 network at all.  I have added a persistent route to the routing table and it shows in route print.  I have disabled IPv6 and deleted any persistent IPv6 routes.  To try and troubleshoot the problem I ran a Wireshark trace from my work machine when pinging 192.168.0.1.  My machine ARPs for the gateway for the 192 route and finds the inside interface of the office PIX but no response to the ping is received.

This route add works fine on any XP machine and I can successfully ping the 192 network.

Any ideas?

Thanks

Cammy
builditian Asked:

dano2112 Commented:

Hi Cammy...

Your post is a little bit confusing.  Generally, when you build a site-to-site tunnel between two PIX firewalls, you specify that traffic flow between the two internal LANs is protected traffic that should travel down the VPN tunnel.  In all of my experiences with PIX site-to-site tunnels, I've never had to manually specify routes on my hosts in order to have traffic pass down the tunnel.  This is generally all handled by the match acl in your cryptomap and in the no-nat match.

Are you able to post the configs for both firewalls?

0
builditian (Author) Commented:
Hi

The 501 firewall on the office side is not the default gateway for any office PC.  We have multiple PIXes.  If I didn't add a route on the PC to tell it where the gateway was for the 192 network, how would it know?  I'm relatively new to this so excuse my ignorance.

Cammy
0
dano2112 Commented:

Oh, okay, in that case, if the PIX for the VPN tunnel is not the default gateway for the office PCs, then yes, you would need to tell those PCs somehow about the other network, either by creating the static routes at the PC level like you've been doing, or by sending the traffic to a router that knows about the other networks.

0
builditian (Author) Commented:
Thanks.  This takes me back to my original point about persistent routes in Windows Vista and how I can't get it to work.
0
lrmoore Commented:
I assume that this question is related:
http://www.experts-exchange.com/Security/Software_Firewalls/Enterprise_Firewalls/Cisco_PIX_Firewall/Q_24440873.html

Is the Vista machine on a different IP range? That range may not be configured properly in one or both PIXes for the VPN tunnel definition or for routing purposes.
If you have multiple PIXes/firewalls then you should have a layer 3 switch making the routing decisions, not the individual PCs.
0
builditian (Author) Commented:
It is related in that I've discovered why my machine wouldn't talk through the VPN.  Essentially, I've answered this question myself by asking the second one.
0