[c-nsp] Cisco PIX 515E 6.3 Remote Access VPN with 2 vpn group

Jim McBurnett jim at tgasolutions.com
Thu Jul 13 17:33:03 EDT 2006


Make sure that the assigned IP is not x.y.z.0
Exclude .0 or change the pool....
I've seen this at least 5 times....

Jim 

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Dave Lim
Sent: Thursday, July 13, 2006 6:41 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Cisco PIX 515E 6.3 Remote Access VPN with 2 vpn group

Hi group,

I am trying to do a remote access VPN for a customer with 2 VPN groups
and 2 local pools. The problem I am encountering at the moment is for VPN
group ga_vpn, there is no problem. Everything works fine. Users can
connect to the remote access VPN and to the inside interface nodes.

But for the VPN group hp_vpn with the local IP pool of 192.168.1.0/24, I
can connect to the VPN, an IP address is assigned to me. But I can't
telnet to any of the LAN 10.84.2.0/24 machines. I am running out of
ideas. I have checked the log of my Cisco VPN client and there is no
error for isakmp and the crypto. The LAN I am connecting from is not a
Class C network. So this rules the conflicting IP address out.

I have checked the access list and the no_nat_vpn which defines what
traffic to encrypt with IPSEC traffic. Everything is in place and I am
really running out of ideas.

Anyone?


