VPN Client and routing

mouno · Apr 14, 2003

I'm quite new to PIX.
I've installed PIX506E configured with DTC Radius and Cisco VPN Client.

hq network (172.16.x.x)
|
router (192.168.0.1)
|
branch network (192.168.0.x)
|
pix 506e (192.168.0.2)
|
internet
|
cisco vpn client

I could successfully authenticate and get into the branch network from VPN Client but have been unable to find route to the hq network.

The branch network is NT domain and the default route goes to 192.168.0.1. How do I configure PIX so that VPN remote nodes can access hq network?

yizhar · Apr 15, 2003

HI.

At the pix, you should add the ip subnet(s) of hq network to the following:
route ...
access-list bound to "nat (inside) 0 access-list"
access-list used for "split-tunnel"

At the hq network and routers along the way, you should add a route to the subnet used by VPN users "ip local pool ..." which points to the pix.

An alternate solution which can also help is to setup a proxy or terminal server at the branch office, let VPN users connect to the proxy/terminal first, and then use it to access the hq.

Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar

mouno · Apr 15, 2003

Thanks yizhar,

Unfortunately I'm not authorized to change hq side router settings at the moment.
Setting up a proxy seems rather practical for us.

yizhar · Apr 16, 2003

HI.

You can also configure a router/server at your side with NAT to workaround the problem.

Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

VPN Client and routing

mouno

MIS

yizhar

MIS

mouno

MIS

yizhar

MIS

Similar threads

Part and Inventory Search

Sponsor