problem might be with an access-list or two. Can you provide us with your access-list?
Here is an example
access-list nonat permit ip 172.16.0.0 255.255.0.0 192.168.10.0 255.255.255.0 (access-list that allows traffic to flow between inside IP's to your IP pool)
nat (inside) 0 access-list nonat (tells PIX not to NAT access-list nonat)
This is just an example, have tosee how you have your PIX configured.
Are you connecting via the vpn client from behind another nat device ? If so, try adding 'isakmp nat-t' to your 520 config. This will allow nat traversal, something the pix sometimes struggles with when dealing with a natt'd address. Also, what version of code are you running ?
The client i am using is also behind a pat device. I haven’t tried the connection through any public ip address. I am guessing that would work... You guys are right i guess, the natting/patting at both ends is a problem.
What are these access-lists for?
access-list split-tunnel permit ip 192.168.200.0 255.255.255.0 any
access-list split-tunnel permit ip 192.168.0.0 255.255.255.0 any
Looks a s if you are trying to do split-tunneling, if that is the case try this command instead
access-list 103 permit ip 192.168.0.0 255.255.255.0 192.168.200.0 255.255.255.0
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.