Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

Professional Opinions
Ask a Question
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

troubleshooting Question

VPN broken after subnet mask change

Avatar of HossEquip
HossEquip asked on
4 Comments1 Solution296 ViewsLast Modified:
Made a subnet mask change from a 24 to a 16 mask and now the VPN connects, but no one can communicate through to servers or have outlook connect to Exchange. Here is the access-list, vpngroup and ip info:

access-list split permit ip - changed to
access-list nonat permit ip - changed to

ip address inside - changed to

ip local pool vpnpool

global (outside) 1 [outside public ip]
nat (inside) 0 access-list nonat
nat (inside) 1 0 0

route outside 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set esp-3des esp-3des esp-md5-hmac
crypto dynamic-map dynmap 50 set transform-set esp-3des
crypto map VPN 65535 ipsec-isakmp dynamic dynmap
crypto map VPN client configuration address initiate
crypto map VPN client configuration address respond
crypto map VPN interface outside
isakmp enable outside
isakmp nat-traversal 3600
isakmp policy 7 authentication pre-share
isakmp policy 7 encryption 3des
isakmp policy 7 hash md5
isakmp policy 7 group 2
isakmp policy 7 lifetime 86400
vpngroup xpixvpngroup address-pool vpnpool
vpngroup xpixvpngroup dns-server
vpngroup xpixvpngroup wins-server
vpngroup xpixvpngroup default-domain [company domain name]
vpngroup xpixvpngroup split-tunnel split
vpngroup xpixvpngroup idle-time 1800
vpngroup xpixvpngroup password ********
vpngroup xpivpngroup idle-time 1800
Avatar of HossEquip

Our community of experts have been thoroughly vetted for their expertise and industry experience.

This problem has been solved!
Unlock 1 Answer and 4 Comments.
See Answers