[c-nsp] vpn_netop_pix

Mad Unix madunix at gmail.com
Tue Jan 2 15:57:26 EST 2007


I have a PIX 515 6.3 and remote clients with VPN Client 4.8.
The remote clients can access the internal network services through the VPN
tunnel (it works).
Now the remote clients have to access their own desktops through NetOp
remote control (host/guest) over VPN/IPsec from the remote location. With my
config on the PIX I have found that the users can access their desktops, but
when they came to the office they were not able to browse the Internet:
for SMTP/HTTP traffic, the page always cannot be displayed and the SMTP
server cannot be found.
To give them back the ability to access the Internet I do:
no static (inside,outside) 11.1.2.203 10.6.40.55 netmask 255.255.255.255 0 0
clear xlate
But after that they can't do NetOp.

Does anybody know what I must do so that an internal PC (main office) can be
controlled from an external PC (remote office) with NetOp while keeping all
Internet features?

I am using an IPsec VPN tunnel. It's VPN client to PIX. I am doing NAT. My
local LAN at the main office: 10.6.40.x/24
Sample desktop: 10.6.40.55
My PIX:
access-list inside-access permit tcp 10.6.40.0 255.255.255.0 any eq nntp
access-list inside-access permit tcp 10.6.40.0 255.255.255.0 any eq ftp
access-list inside-access permit tcp 10.6.40.0 255.255.255.0 any eq www
access-list inside-access permit tcp 10.6.40.0 255.255.255.0 any eq domain
ip address outside x.x.x.2 255.255.255.240
ip address inside 10.6.70.5 255.255.255.0
access-list nonat permit ip 10.6.70.0 255.255.255.0 11.1.1.0 255.255.255.0
ip local pool ippool 11.1.1.1-11.1.1.200
global (outside) 1 x.x.x.x (real ip)
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 11.1.2.203 10.6.40.55 netmask 255.255.255.255 0 0
vpngroup xxxx dns-server y.y.y.y

 --
madunix

