
pix 501 vpn remote access

Status
Not open for further replies.

ttnnee (MIS, US), Sep 20, 2001
I have a pix 501 at home. I configured it to allow remote access with a cisco vpn client 3.x. I can connect to the vpn fine but I can't access anything on the local lan. What I want to do is be able to access the pdm on the pix when I vpn into the network. I am running dhcp on the inside interface with the ips 10.0.1.1-10.0.1.30. My inside interface is 10.0.1.254. My vpn pool is 10.0.1.35-10.0.1.45. I don't have a router so I had to use the same network for both pools. There is a 24bit mask for these. I set this up to try and allow access between them.

access-list 101 permit ip 10.0.1.0 255.255.255.0 10.0.1.0 255.255.255.0
nat (inside) 0 access-list 101
sysopt connection permit-ipsec

When I vpn in I get an IP address but I can't ping the pix inside interface. How do I allow this connectivity? I am not real familiar with Pix OS so I am not sure if the pix sees me as being on the inside or outside interface when I use vpn. Can someone help?
 
What you need to do is change the VPN pool, it will not work if you use the same subnet. I recommend you change it to 192.168.1.1 - 192.168.1.15. Of course, you will need to amend your access-list once you've changed the VPN pool. ----

Sunyasee B-)
 
What will be my default-gateway if I change the vpn pool? The ip on the inside interface is 10.0.1.254. If I change the vpn pool to 10.0.2.1-10.0.2.10 how will a 10.0.2.0 address talk to a 10.0.1.0 address without a router?
 
You don't need to worry about a default gateway. The VPN terminates on the PIX so therefore you are talking directly from the PIX to the 10.0.1.0 network, you don't need a router. ----

Sunyasee B-)
 
I will try this. Now will I need to add any access-list to allow a vpn client to access internal machines and also access the pix pdm?
 
This should be all you need.

access-list no_nat permit ip 10.0.1.0 255.255.255.0 10.0.2.0 255.255.255.0

nat (inside) 0 access-list no_nat

----

Sunyasee B-)
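As an added example that is not part of this thread (neither the poster's nor Sunyasee's configuration), here is a small Python check of the address plan discussed above. It rejects the original layout, where the VPN pool 10.0.1.35-10.0.1.45 sits inside the 10.0.1.0/24 inside subnet, and for a pool on a separate subnet emits the no-NAT access-list and nat (inside) 0 lines in the form given in the last reply. The function names and the no_nat ACL name are assumptions; the generated ACE uses the tightest CIDR block covering the pool (10.0.2.0/28 for 10.0.2.1-10.0.2.10) rather than the whole /24 used in the reply, which is also valid.

```python
"""Sanity-check a PIX remote-access VPN address plan (added example, not from the thread)."""
import ipaddress


def covering_network(pool_start, pool_end):
    """Smallest CIDR block that contains every address of the VPN pool."""
    first = ipaddress.ip_address(pool_start)
    last = ipaddress.ip_address(pool_end)
    if last < first:
        raise ValueError("pool end precedes pool start")
    # Walk from /32 towards /0 until the block starting at 'first' also holds 'last'.
    for prefix in range(first.max_prefixlen, -1, -1):
        candidate = ipaddress.ip_network(f"{first}/{prefix}", strict=False)
        if last in candidate:
            return candidate
    raise AssertionError("unreachable: /0 contains every address")


def pool_overlaps_inside(inside_if, pool_start, pool_end):
    """True when the VPN pool shares addresses with the inside-interface subnet.

    inside_if is the interface address with its mask, e.g. '10.0.1.254/24'.
    The original poster's layout (pool 10.0.1.35-10.0.1.45 inside 10.0.1.0/24)
    is exactly this case: the PIX cannot tell a VPN client from a LAN host.
    """
    inside_net = ipaddress.ip_network(inside_if, strict=False)
    first = ipaddress.ip_address(pool_start)
    last = ipaddress.ip_address(pool_end)
    pool_blocks = ipaddress.summarize_address_range(first, last)
    return any(inside_net.overlaps(block) for block in pool_blocks)


def no_nat_lines(acl_name, inside_if, pool_start, pool_end):
    """PIX 6.x lines in the form used in the thread: exempt inside->pool traffic from NAT."""
    inside_net = ipaddress.ip_network(inside_if, strict=False)
    pool_net = covering_network(pool_start, pool_end)
    return [
        f"access-list {acl_name} permit ip "
        f"{inside_net.network_address} {inside_net.netmask} "
        f"{pool_net.network_address} {pool_net.netmask}",
        f"nat (inside) 0 access-list {acl_name}",
    ]


def plan_remote_access(inside_if, pool_start, pool_end, acl_name="no_nat"):
    """Return (ok, lines). ok is False, with the reason in lines, if the pool must move first."""
    if pool_overlaps_inside(inside_if, pool_start, pool_end):
        inside_net = ipaddress.ip_network(inside_if, strict=False)
        return False, [
            f"VPN pool {pool_start}-{pool_end} overlaps the inside subnet {inside_net}; "
            "assign the pool from a separate subnet"
        ]
    return True, no_nat_lines(acl_name, inside_if, pool_start, pool_end)


if __name__ == "__main__":
    # Constructed inputs mirroring the thread: the original pool, then the corrected one.
    for pool in (("10.0.1.35", "10.0.1.45"), ("10.0.2.1", "10.0.2.10")):
        ok, lines = plan_remote_access("10.0.1.254/24", *pool)
        print("OK" if ok else "REJECTED", *lines, sep="\n  ")
```

Running the block prints REJECTED for the original pool and, for 10.0.2.1-10.0.2.10, the two configuration lines; the nat (inside) 0 binding is what keeps traffic between the LAN and the VPN clients out of the PIX's address translation, which is the reason the last reply says no router or default gateway change is needed.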
 