Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Can't access internet over VPN tunnel 1

Status
Not open for further replies.
ClimbingColorado

ClimbingColorado

Technical User
May 13, 2009
14
US
Hello,

I have a Cisco Pix 501 configured at home for VPN access. Using the Cisco VPN client software, I can connect to my home network and access resources behind my Pix. However, I can't reach the Internet from my VPN client. Looking at my Pix logs, I see the following error messages:

Dec 31 16:23:54 192.168.1.1 Dec 31 2010 16:24:04: %PIX-6-110001: No route to 8.8.4.4 from 172.16.0.1
Dec 31 16:24:07 192.168.1.1 Dec 31 2010 16:24:16: %PIX-6-110001: No route to 8.8.8.8 from 172.16.0.1

The 172.16.0.1 is my VPN client and the 8.8.8.8 and 8.8.4.4 are Google DNS servers.

Systems on my home network are able to access the Internet (That's how I'm posting this question).

This VPN configuration was created using the PDM VPN Wizard GUI. Any thoughts on how to fix this?

Thanks,

Rob
 
Sort by date Sort by votes
Just a hunch, but it sounds like the virtual network interface for the VPN connection lacks a default gateway. I would start by looking at the existing configuration for this interface and see if you can modify it either directly or through the wizard tool.
 
Upvote 0 Downvote
Hello Noway2,

The Pix doesn't create a virtual interface, that I know of, for the VPN connection. When the VPN connection is up and I do a show int, only the inside and outside interfaces are displayed. Do you know of another command I should use to show the VPN interface (if it exists)?

Thanks,

Rob
 
Upvote 0 Downvote
The virtual adapter would be on the client end rather than the PIX. For example, on my (work) laptop which uses the CISCO client, I have a LAN connection for the Cisco client.

One simple way to get at this information would be to connect via VPN and then pull up a CMD prompt and type ipconfig or ipconfig /all. This should show you the network configurations.

I think you will find that you have an IP address, e.g. 172.16.0.1 and and appropriate mask, e.g. 255.255.255.0, but no gateway. Consequently when connected via VPN you can route your LAN, but not beyond.

One other command that can provide a lot of information is: 'route print' from a command prompt. This will show you how an attempt to reach various destinations will be made.
 
Upvote 0 Downvote
the 501 doesn't permit hairpinning network connections. try configuring the vpn profile to use split-tunneling.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Upvote 0 Downvote
Hello Unclerico,

Would a site-to-site tunnel using two Pix 501 firewalls allow me to surf the Internet over VPN?

Thanks,

Rob
 
Upvote 0 Downvote
no. traffic would be entering and exiting the same interface on the device that will be providing the internet access.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

F
  • Locked
  • Solved
some IP Phone not working over site-to-site OpenVPN, packets modified on other side of tunnel
Replies
1
Views
2K
FrankSider12
F
teknance
  • Locked
  • Question
Discovering Portugal: Uncover Hidden Destinations and VPN Solutions
Replies
5
Views
475
GlobeTrekkerGal
GlobeTrekkerGal
sarahz2
  • Locked
  • Question
Best vpn safe and fast
Replies
4
Views
357
GlobeTrekkerGal
GlobeTrekkerGal
MP2023
  • Locked
  • Question
How to Create an site to site VPN
Replies
1
Views
290
sircles
sircles
ramblingrebel
  • Locked
  • Question
Built-in Windows 10 VPN
Replies
1
Views
257
Joon Smith
Joon Smith

Part and Inventory Search

Sponsor

Back
Top