PIX 506E VPN conf..... please help

Spawnadv

Technical User
Nov 10, 2003
11
DK
Hi,

Made a simple PPTP access on PIX and it works.
Now my problem is:

VPN users connect okay and all, but they can only access one net??? My internal net is 10.11.41.0 and I use 2 others, 10.11.46.0 and 10.11.25.0, where 10.11.46.1 is the gateway. Am I routing wrong???
And how do I get web access for the users through the VPN???


This is my config (removed all non-essential):
: Saved
:
PIX Version 6.3(1)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
name 192.168.135.0 vpn
access-list compiled
access-list acl_in permit tcp any host 80.***.***.78 eq smtp
access-list acl_in permit tcp any host 80.***.***.78 eq pptp
access-list inside_outbound_nat0_acl permit ip any vpn 255.255.255.0
pager lines 69
logging on
icmp permit any echo-reply outside
icmp permit any time-exceeded outside
icmp permit any echo outside
icmp permit any outside
icmp permit any inside
mtu outside 1500
mtu inside 1500
ip address outside 80.***.***.78 255.255.255.252
ip address inside 10.11.41.1 255.255.240.0
ip verify reverse-path interface outside
ip audit info action alarm
ip audit attack action alarm
ip local pool Pool1 192.168.135.1-192.168.135.50
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group acl_in in interface outside
route outside 0.0.0.0 0.0.0.0 80.***.***.77 1
route inside 10.11.46.0 255.255.255.0 10.11.41.1 1
route inside 10.11.25.0 255.255.255.0 10.11.46.1 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
sysopt connection permit-pptp
vpdn group test1 accept dialin pptp
vpdn group test1 ppp authentication pap
vpdn group test1 ppp authentication chap
vpdn group test1 ppp authentication mschap
vpdn group test1 ppp encryption mppe 40
vpdn group test1 client configuration address local Pool1
vpdn group test1 client configuration dns 10.11.41.2
vpdn group test1 pptp echo 60
vpdn group test1 client authentication local
vpdn username ***** password *********
vpdn username ***** password *********
vpdn enable outside
vpdn enable inside
: end

THX in advance
 
Well, your gateway should be something like 10.11.41.X and your routing on the PIX should be:

route inside 10.11.46.0 255.255.255.0 10.11.41.X
route inside 10.11.25.0 255.255.255.0 10.11.46.X
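
The routing question in this thread can be checked mechanically. The Python sketch below is an added example, not part of either post: it reads the `ip address` and `route` lines of a PIX 6.x style config and flags static routes whose next hop is the firewall's own interface address, whose next hop is off the connected subnet, or whose destination already lies inside the connected subnet. The sample input is constructed from the three relevant lines of the config posted above; the function names are assumptions.

```python
import ipaddress

# Constructed sample: the inside-interface and route lines from the posted config.
SAMPLE_CONFIG = """\
ip address inside 10.11.41.1 255.255.240.0
route inside 10.11.46.0 255.255.255.0 10.11.41.1 1
route inside 10.11.25.0 255.255.255.0 10.11.46.1 1
"""

def parse(config):
    """Return ({ifname: IPv4Interface}, [(ifname, dest_network, next_hop)])."""
    interfaces, routes = {}, []
    for line in config.splitlines():
        f = line.split()
        try:
            if f[:2] == ["ip", "address"] and len(f) >= 5:
                interfaces[f[2]] = ipaddress.ip_interface(f"{f[3]}/{f[4]}")
            elif f[:1] == ["route"] and len(f) >= 5:
                dest = ipaddress.ip_network(f"{f[2]}/{f[3]}", strict=False)
                routes.append((f[1], dest, ipaddress.ip_address(f[4])))
        except ValueError:
            continue  # masked or malformed address (e.g. 80.***.***.78): skip line
    return interfaces, routes

def check_routes(config):
    """Return a list of (route_destination, finding) tuples."""
    interfaces, routes = parse(config)
    findings = []
    for ifname, dest, hop in routes:
        iface = interfaces.get(ifname)
        if iface is None:
            continue  # interface address not present in the supplied text
        if hop == iface.ip:
            findings.append((str(dest), "next hop is the firewall's own address"))
        elif hop not in iface.network:
            findings.append((str(dest), "next hop is not on the connected subnet"))
        if dest.subnet_of(iface.network):
            findings.append(
                (str(dest), f"destination already inside connected {iface.network}"))
    return findings

if __name__ == "__main__":
    for dest, finding in check_routes(SAMPLE_CONFIG):
        print(f"{dest}: {finding}")
```

With the posted 255.255.240.0 inside mask, the connected network is 10.11.32.0/20, so both findings land on the 10.11.46.0 route while the 10.11.25.0 route passes the check.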

 