Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

i'm vpn'd, but that's it..

Status
Not open for further replies.
snootalope

snootalope

IS-IT--Management
Jun 28, 2001
1,706
0
0
US
PIX 515

I got a pptp vpn setup on her right now.. I connect fine, get my address from it, but I thought I'd be able to ping an address inside the firewall (like an rdp machine) from the machine that I'm vpning from.. guess not.. I'm not quite sure why, I was thinking that maybe something is blocked..

ip pool - 10.10.1.50 - .57 <-- same ip range as inside lan
subnet - 255.255.255.255 <-- I can't change that!!! it's automatically given that way!!! that could be the problem in itself.. hhmm..

advice?

&quot;tis better to remain silent and be thought of as a fool..
then open your mouth and remove all doubt&quot; Mark Twain

&quot;I should of been a doctor..&quot; Me
 
Sort by date Sort by votes
Well, Im not expert, but to I have my ip pool (192.168.12.0) different than my inside lan (192.168.1.0) and use the following access-list:

ip local pool pptp-pool 192.168.12.1-192.168.12.5

access-list vpnlist permit ip 192.168.1.0 255.255.255.0 192.168.12.0 255.255.25.0

Hope this helps.

Jim

Jim Webber
Network Administrator MCSE CNA
 
Upvote 0 Downvote
I also should learn to proof read my posts. It should be:

ip local pool pptp-pool 192.168.12.1-192.168.12.5

access-list vpnlist permit ip 192.168.1.0 255.255.255.0 192.168.12.0 255.255.255.0

Jim Webber
Network Administrator MCSE CNA
 
Upvote 0 Downvote
Can you post your config and i'll take a look at it
and help you out

Regards
 
Upvote 0 Downvote
HI.

> I got a pptp vpn setup on her right now
Better use the Cisco IPSec VPN client.

> ip pool - 10.10.1.50 - .57 <-- same ip range as inside lan
I agree with &quot;Slainte35&quot; - part of the solution will be to use different address range for VPN clients.

> subnet - 255.255.255.255 <-- I can't change that!!!
That's OK. Don't worry about it.


Yizhar Hurwitz
 
Upvote 0 Downvote
I added acces-list's and it still isn't working..

I can't even ping inside address from my vpn'd machine.. I connect just fine though!

Also, does anyone have a link to the vpn client? I'm a member of cisco's site and I can't even frickin find it!!!!!

thanks guys

&quot;tis better to remain silent and be thought of as a fool..
then open your mouth and remove all doubt&quot; Mark Twain

&quot;I should of been a doctor..&quot; Me
 
Upvote 0 Downvote
whoa..

Whatever happend with that access-list totally screwed my other rules damnit..

Hell with it, I'm going to find white papers somewhere..

yizhar>
I used this
access-list vpnlist permit ip 192.168.1.0 255.255.255.0 192.168.12.0 255.255.255.0
but with my ip scheme.. what more do you wanna know?

I setup a pptp vpn from my home pc.. the vpn on the pix has got a pool of addy's from 192.168.1.2 - .4 - it connects just fine! But I can't ping or see anyting on the inside of the network..

&quot;tis better to remain silent and be thought of as a fool..
then open your mouth and remove all doubt&quot; Mark Twain

&quot;I should of been a doctor..&quot; Me
 
Upvote 0 Downvote
HI.

> Hell with it, I'm going to find white papers somewhere..
Good idea.
You'll find some here:

> what more do you wanna know?
See the FAQ of this forum, and post your whole config (or at least a more detailed output).
Please describe exactly what you do, and what are the results.
Use syslog messages.
When troubleshooting VPN - please describe the remote client as well - OS, configuration, Internet connection type, firewall in use, NAT devices at the client side, etc.
You should also check if the remote client can ping the pix outside interface (without establishing VPN tunnel).

Choosing the VPN technology to use is also important.
PPTP has several weaknesses - for example the client has the option to save the password on its PC, which means that an attacker can and will easily still it in no time.
Configuring and troubleshooting the pix (and the client) for PPTP is different then for Cisco client.

Good Luck, and don't rush...


Yizhar Hurwitz
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Garbear
  • Locked
  • Question
TZ190 VPN Connection works but can't ping some IP's on either side
Replies
0
Views
40
Garbear
Garbear
Russtoleum
  • Locked
  • Question
SW GVC won't route traffic through sonicwall to offsite tunnel unless it leases an ip on the same su
Replies
1
Views
60
Russtoleum
Russtoleum
2ffat
  • Locked
  • News
Sometimes it helps to hack the hacker 1
Replies
1
Views
33
kjv1611
kjv1611
ingram87
  • Locked
  • Question
Keep getting &quot;TCP connection dropped&quot; to our server. Need help finding why that's happenin
Replies
1
Views
67
joepc
joepc
disturbedone
  • Locked
  • Question
Securing VLAN so it has limited access
Replies
1
Views
36
burtsbees
burtsbees

Part and Inventory Search

Sponsor

Back
Top