PPTP clients cannot route over PIX IPSEC tunnels

[thedude01]

Hello,

I have a VPN network that is virtually identical to this configuration (functioning correctly):

http://www.cisco.com/en/US/products...s_configuration_example09186a00800a2cce.shtml

I have client VPN's enabled using PPTP. The clients can access any devices at the location of the PIX they VPN into, but cannot access any devices at other sites across the IPSEC tunnels. All IPSEC routing works fine on the local networks. What can I do to allow the VPN clients to access devices through the PIX to PIX tunnels? The PIX version is 6.2(2).

Thanks,

JT
the_dude_01@hotmail.com

 

[thedude01]

I also appear to have a second issue. Hosts in remote offices cannot access devices in the dmz's of each remote firewall. They ARE able to access the dmz local to their site. I have duplicated the access-lists that work for the inside networks and subtituted the correct network addressing for the dmz with no luck.

Any help would be greatly appreciated. Thanks.

 

[yizhar]

HI.

There are many possible workaround/solutions.
Here are some:

* If you're using PPTP for remote access (which I don't recommend) then you can configure an internal W2K server to act as VPN server (RRAS) instead of the pix. That way VPN clients will be able to route from the VPN server to other networks.

* A better and maybe simplier solution:
Implement a terminal server, users will connect to it over VPN and from there to any other networks.

Other solutions are possilbe - try to be open minded about this issue.


Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar