[c-nsp] Cisco PIX 515E 6.3 Remote Access VPN with 2 vpn group

Dave Lim dave.daturax at gmail.com
Thu Jul 13 20:35:14 EDT 2006


Hi Jim,

The assigned local ip pool is from 192.168.1.1-192.168.1.5

Funny thing is everything else works right up to negotiating the security
policies but when the VPN is connected, I can't RDP to any of the machines on
the LAN.

It appears to be something to do with the ACL telling it what to protect with
IPsec. Anyone?

On 7/14/06, Jim McBurnett <jim at tgasolutions.com> wrote:
>
> Make sure that the assigned IP is not x.y.z.0
> Exclude .0 or change the pool....
> I've seen this at least 5 times....
>
> Jim
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Dave Lim
> Sent: Thursday, July 13, 2006 6:41 AM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] Cisco PIX 515E 6.3 Remote Access VPN with 2 vpn group
>
> Hi group,
>
> I am trying to do a remote access VPN for a customer with 2 VPN groups
> and 2 local pools. The problem I am encountering at the moment is for VPN
> group ga_vpn, there is no problem. Everything works fine. Users can
> connect to the remote access vpn and to the inside interface nodes.
>
> But for the VPN group hp_vpn with the local IP pool of 192.168.1.0/24, I
> can connect to the VPN, an IP address is assigned to me. But I can't
> telnet to any of the LAN 10.84.2.0/24 machines. I am running out of
> ideas. I have checked the log of my Cisco VPN client and there is no
> error for isakmp and the crypto. The LAN I am connecting from is not a
> Class C network. So this rules the conflicting IP address out.
>
> I have checked the access list and the no_nat_vpn which defines what
> traffic to encrypt with IPsec. Everything is in place and I am
> really running out of ideas.
>
> Anyone?
>

