osxla
asked on
PIX 501 Remote VPN setup
I just set up a remote access VPN in my PIX 501. I attached the config and it seems to be working (can connect to shares, RDP), but I did uncheck the box in the VPN wizard regarding AAA and local database. Is not doing this going to affect anything? Also, if you can, look at the IP in the DHCP pool. Is this correct? The other issue is I don't have an internet connection when connected to the VPN. Is this because there is no DNS address in the VPN?
Thanks
PIX501-After-VPN-Remote.txt
access-list SPLIT_Tunnel standard permit ip 192.168.2.0 255.255.255.0
ASKER
lrmoore
After adding your statement do I need to add a DNS server that ikalmar recommended or will adding this get it online while connected?
Also was that set about the local database not important?
Hi,
The local database is not important, if you want to go to the internet!
ASKER
What is it used for?
ASKER
adding this worked.
access-list SPLIT_TUNNEL permit ip 192.168.2.0 255.255.255.0 192.168.150.0 255.255.255.252
vpngroup vpnremote split-tunnel SPLIT_TUNNEL
Just wondering what the local database option was used for in vpn setup wizard?
SOLUTION
users authenticate from local database
If you use split tunnel you are able to reach the internet:
access-list SPLIT_Tunnel standard permit ip 192.168.2.1 255.255.255.0
vpngroup vpnremote address-pool vpnpool
vpngroup vpnremote idle-time 1800
vpngroup vpnremote dns-server x.x.x.x
vpngroup vpnremote wins-server x.x.x.x
vpngroup vpnremote default-domain xxxx.com
vpngroup vpnremote split-tunnel SPLIT_Tunnel
vpngroup vpnremote password ********
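
What the split-tunnel lines in this thread change on the client side, as an added example that is not part of any post above: the source network of the split-tunnel ACL is what the VPN client sends through the tunnel, and everything else leaves through the client's own internet connection. The function names, the sample destinations and the restriction to the `permit ip <src> <mask> <dst> <mask>` form the asker posted are assumptions of this sketch.

```python
import ipaddress

# Constructed sample: the two lines the asker reported as working.
CONFIG = """\
access-list SPLIT_TUNNEL permit ip 192.168.2.0 255.255.255.0 192.168.150.0 255.255.255.252
vpngroup vpnremote split-tunnel SPLIT_TUNNEL
"""

def parse(config):
    """Return ({acl_name: [tunneled networks]}, {vpngroup: acl_name})."""
    acls, groups = {}, {}
    for line in config.splitlines():
        tok = line.split()
        if tok[:1] == ["access-list"] and tok[2:4] == ["permit", "ip"] and len(tok) >= 6:
            # The ACL *source* is the protected LAN; the destination is the VPN pool.
            net = ipaddress.ip_network(f"{tok[4]}/{tok[5]}", strict=False)
            acls.setdefault(tok[1], []).append(net)
        elif tok[:1] == ["vpngroup"] and tok[2:3] == ["split-tunnel"] and len(tok) >= 4:
            groups[tok[1]] = tok[3]
    return acls, groups

def client_path(config, group, dest):
    """Where a VPN client in `group` sends traffic addressed to `dest`."""
    acls, groups = parse(config)
    acl = groups.get(group)
    if acl is None:
        return "tunnel"          # no split-tunnel line: all traffic is tunneled
    if acl not in acls:
        return "unresolved-acl"  # vpngroup names an ACL this config never defines
    addr = ipaddress.ip_address(dest)
    return "tunnel" if any(addr in net for net in acls[acl]) else "local"

if __name__ == "__main__":
    # Constructed destinations: one host on the inside LAN, one internet host.
    for dest in ("192.168.2.10", "203.0.113.10"):
        print(dest, "->", client_path(CONFIG, "vpnremote", dest))
```
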