
VPN Problem with home router & pix


ytreza

Technical User
Aug 13, 2002
9
FR
We have installed a PIX firewall with VPN access to give
the employees of our company the possibility to reach our
private network from home through their ADSL or cable connection.

This is working very well with the VPN client (latest available) when they have
their PC directly connected to their DSL or cable modem. But this is getting harder when they have a home firewall/router (like the Netgear RP114), and they use the VPN client to get connected to the office network.

The VPN client can only reach the DMZ (192.168.1.*), but not the 100% secure net of the office (192.168.0.*).

Is it a configuration issue on the home router? The VPN client or
the VPN server? Any advice is welcome ...
Thanks
 
If it is only happening to those people who are running some sort of firewall at home, then I would look at the home firewalls. I have seen this exact same thing in the past. I had troubles with the Linksys router. I know with the Linksys that you have to enable IPsec/PPTP passthrough; this way the VPN traffic won't be dropped.

I hope this helps.


 
Hi.

Does the internal network at the client side also use 192.168.0.x?

If so, then you might have an IP addressing conflict between the company LAN and the remote client LAN.

A possible solution for this is to reconfigure the PIX not to use "nat 0" but to use static NAT instead.

For example:
Company mail server internal address is: 192.168.0.1

The PIX configuration will show:
static (inside,outside) x.x.x.x 192.168.0.1
The VPN client will connect to x.x.x.x instead of 192.168.0.1 - the same way as regular inbound traffic to your servers, but with more ports open to VPN clients.

The "nat 0" statements will be removed or redefined to include only the DMZ network.
The access-list statements used for the crypto map and for split tunnel will also need to be modified in such a case.

Again, this is relevant only if your problem is the conflict and not if you have another problem.

Bye
Yizhar Hurwitz
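The overlap check Yizhar describes, as an added example (not code from the thread or from Cisco): given the home LAN the client sits on and the networks the tunnel is supposed to carry, it reports which of them collide with the client's local subnet, and it verifies that a proposed set of static NAT translations actually lands outside that subnet. The 192.168.0.0/24 and 192.168.1.0/24 networks come from the thread; the 203.0.113.x translated addresses are constructed placeholders standing in for the thread's x.x.x.x.

```python
import ipaddress

# Constructed from the thread: corporate inside LAN and DMZ. The home LAN
# behind the Netgear router is passed in by the caller.
CORPORATE_NETWORKS = {
    "inside": ipaddress.ip_network("192.168.0.0/24"),
    "dmz": ipaddress.ip_network("192.168.1.0/24"),
}


def overlapping_networks(client_lan, remote_networks):
    """Return the names of tunnel networks that overlap the client's own
    subnet. Packets for such a network are treated as local by the client's
    IP stack and never enter the tunnel, which is why only the DMZ answers."""
    client = ipaddress.ip_network(client_lan, strict=False)
    return sorted(name for name, net in remote_networks.items()
                  if client.overlaps(net))


def check_static_nat(mappings, client_lan):
    """mappings: {translated_address: real_inside_address}, one entry per
    'static (inside,outside) x.x.x.x 192.168.0.N' line. Return the translated
    addresses that still fall inside the client's subnet, i.e. translations
    that would not resolve the conflict."""
    client = ipaddress.ip_network(client_lan, strict=False)
    return sorted(t for t in mappings if ipaddress.ip_address(t) in client)


def diagnose(client_lan, remote_networks=CORPORATE_NETWORKS):
    """One-line verdict for a support ticket like the one in this thread."""
    conflicts = overlapping_networks(client_lan, remote_networks)
    if not conflicts:
        return "no overlap: all tunnel networks are reachable from this client"
    return ("overlap with " + ", ".join(conflicts) + ": renumber the home LAN "
            "or expose those hosts via static NAT on a non-overlapping address")


if __name__ == "__main__":
    # Constructed sample: a home PC at 192.168.0.5/24, the same range as the office.
    print(diagnose("192.168.0.5/24"))
    # Constructed static NAT entries; 203.0.113.0/24 is a documentation range.
    print(check_static_nat({"203.0.113.10": "192.168.0.1"}, "192.168.0.5/24"))
```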
 

Yizhar,

It seems that with an IP different from 192.168.0.x on the client side, it works!
(The LAN of the company is also 192.168.0.x.)

Once more you save the world ;-)

See you
Bye
 