pix 506 user vpn nat ! Only god can help me :OP

[Johnnz]

Hi !
I have a cisco pix 506 with firmare 6.1
I have a nat 192.168.0.0 /255.255.224.0 inside !
its ok !
i have a vpn with a stellite office ! encrypt with certificate 56 bit !
But i want a user vpn !!
my setup is :
vpdn group test accept dialin pptp
vpdn group test ppp authentication mschap
vpdn group test ppp encryption mppe 40
vpdn group test client configuration address local vpnpool
vpdn group test pptp echo 60
vpdn group test client authentication local
vpdn username ***** password ****
vpdn enable outside

and it work perfectly with windows 2000 i can connect easily !
Bon the problen is beacause any inside station can ping me ! but the outside(vpn client) can't do nothing !!
i have added a sysopt for pptp ! to bypass access list but the doesnt work !
could you help me pls !

 

[yizhar]

HI.

What is the "vpnpool" address range?
It should be a different subnet, for example 10.0.0.0 that will not conflict with internal subnet 192.168.0.0

And you should do "nat 0" with access-list for IP traffic from inside 192.168.0.0 to the vpn client subnet.

You can use pixcript to get a sample config:

http://teachers.sivan.co.il/yizhar#pixcript

Bye
Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar