
actiontec, pix501 and linksys wireless router


mikelacy01 (IS-IT--Management, US), Mar 11, 2005
I installed a Pix 501 firewall on a small network with an Actiontec 701 running in PPPoA mode and a Linksys Wireless-B Broadband router BEFW11S4. DSL is provided by Qwest.

The Pix is connected to the Actiontec DSL modem and the Linksys Wireless-B Broadband router is connected off the back (behind) the Pix. There is a file server on the network that external clients need to access. I have tried to connect to the server with the Microsoft VPN client and the Cisco VPN client and cannot. I can connect to the Pix just fine with both clients, but cannot ping or map to the server. The network is basically a peer-to-peer network with wireless clients and a file server (no domain), with the server physically connected to the Linksys Ethernet port. The server is not wireless. It is actually connected to the Linksys router.

Configuration is as follows:

The DSL modem is running in PPPoA mode and has a public static IP address and a private internal IP address of 192.168.0.1.
The Pix has a public static IP address on the outside interface and a private internal address of 192.168.1.1.
It appears that the Pix is assigning the Linksys a private IP address of 192.168.1.x on the outside interface, but it is not getting any DNS assigned. Therefore I had to configure DNS on each machine on the network in order for them to get out. The internal IP address of the Linksys is 192.168.2.x and it is assigning 192.168.2.x IPs to all the wireless hosts. The server IP address is on the 192.168.2.x network. The server (Windows 2003 Small Business Server) IP is hard coded. I can browse out to the Internet from the server and any of the wireless clients. But when I VPN in to the Pix I cannot ping or map to anything on the 192.168.2.x network. Can anyone help? Thanks
 
Mike, try this: change the default gateway on your server to the Pix's 192.168.1.1 address and see what happens. If it works, I don't know how to do it any other way than that.

 
Mike, I'm sorry, after you do that, then try to ping from your VPN clients.

 
I'm sorry again Mike, I misread your whole network layout, and I don't see where I can re-edit my post, so I'm sorry for flooding with these. My experience with Pix VPNs is: file servers on the LAN have to have the gateway of the Pix's inside address. Example:


VPN Client --> Internet --> Pix --> LAN/Servers


Pix (Inside = 192.168.1.1, Outside = Public Internet Address)
VPN Pool ( 192.168.2.100-192.168.2.200)


File Server:
IP = 192.168.1.5
Mask = 255.255.255.0
Gateway = 192.168.1.1

VPN Client:
When you do an ipconfig, it will have whatever your VPN pool is set up as. In our example:

Local NIC card of VPN Client

IP: 192.168.168.2
mask: 255.255.255.0
GW: 192.168.168.1

VPN Adapter (After Successful Connection to Pix)

IP: 192.168.2.200
Mask: 255.255.255.0


ping: 192.168.1.5 it should reply if you have the default gateway of the server set to your Inside Address of your Pix.

Hope I didn't confuse ya

My Diagrams are not up to par :)
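
The gateway requirement described in the reply above, applied to both address plans in this thread, as an added example that is not part of the original posts. The function name, the server host address 192.168.2.10 and the Linksys LAN address 192.168.2.1 are assumptions (the thread only gives 192.168.2.x), and the question's layout reuses the reply's example VPN pool because the real pool is not stated.

```python
import ipaddress as ipa

EXPLAIN = {
    "server-not-on-pix-inside":
        "server is not on the PIX inside subnet, so the PIX has no directly connected path to it",
    "gateway-not-pix-inside":
        "server's default gateway is not the PIX inside address, so replies to the VPN pool go to another router",
    "pool-overlaps-server-subnet":
        "VPN pool overlaps the server's subnet, so the server treats pool addresses as on-link and skips its gateway",
}

def check_vpn_return_path(pix_inside, server_if, server_gw, pool_first, pool_last):
    """Return finding codes that would stop a PIX VPN client from reaching the server.

    pix_inside and server_if are interface strings such as '192.168.1.1/24'.
    """
    pix = ipa.ip_interface(pix_inside)
    srv = ipa.ip_interface(server_if)
    gw = ipa.ip_address(server_gw)
    # Turn the first-last pool range into CIDR blocks so overlap can be tested.
    pool = list(ipa.summarize_address_range(ipa.ip_address(pool_first),
                                            ipa.ip_address(pool_last)))
    findings = []
    if srv.ip not in pix.network:
        findings.append("server-not-on-pix-inside")
    if gw != pix.ip:
        findings.append("gateway-not-pix-inside")
    if any(block.overlaps(srv.network) for block in pool):
        findings.append("pool-overlaps-server-subnet")
    return findings

# Layout from the reply: file server directly on the PIX inside LAN.
REPLY_LAYOUT = ("192.168.1.1/24", "192.168.1.5/24", "192.168.1.1",
                "192.168.2.100", "192.168.2.200")
# Layout from the question: server behind the Linksys (host addresses constructed).
QUESTION_LAYOUT = ("192.168.1.1/24", "192.168.2.10/24", "192.168.2.1",
                   "192.168.2.100", "192.168.2.200")

if __name__ == "__main__":
    for name, layout in (("reply", REPLY_LAYOUT), ("question", QUESTION_LAYOUT)):
        codes = check_vpn_return_path(*layout)
        print(name, "layout:", "ok" if not codes else "")
        for code in codes:
            print("  -", code + ":", EXPLAIN[code])
```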

 
You don't provide many details about your configuration, but try adding the following command on the PIX:

isakmp nat-traversal
 