Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

W2k VPN to PIX 520

Status
Not open for further replies.
Mickelkpg

Mickelkpg

IS-IT--Management
Oct 15, 2001
34
SE
I am trying to set up a PIX520 to accept VPN-connections from W2k and XP client.
With the following configuration the "PPTP-tunnel" goes up but the clients can't access any machines on the inside:

access-list 106 permit ip 111.11.11.0 255.255.255.0 192.168.1.0 255.255.255.0

ip local pool pptp-pool 192.168.1.1-192.168.1.50
nat (inside) 0 access-list 106
sysopt connection permit-pptp
vpdn group 1 accept dialin pptp
vpdn group 1 ppp authentication pap
vpdn group 1 ppp authentication chap
vpdn group 1 ppp authentication mschap
vpdn group 1 ppp encryption mppe auto
vpdn group 1 client configuration address local pptp-pool
vpdn group 1 pptp echo 60
vpdn group 1 client authentication local
vpdn username user1 password password1

(where 111.11.11.0 is my internal IP-range)

The outside clients have various IP-addresses but what I understand they are translated through the pptp-pool, or?
 
Sort by date Sort by votes
Hi

If you are working within a W2K domain you should add DNS configuration to the client setup or add &quot;vpdn group 1 client configuration DNS <your_DNS_server_IP>&quot; to the Pix.

Bye

 
Upvote 0 Downvote
Hi there -

My frist question would be are they able to access ANY resources on the inside? Such as printers or other network shares. It could be a couple of different issues, possibly an authenication issue since you are using a pix local userlist rather than an internal Radius server. It could be that there is no DNS entry or a WINS server entry. I am running both W2K clients as well as XP clients into my PIX 520 and I don't have any problems connecting to internal systems, however the three things that I did see different in your config vs. mine was I use an internal Radius server, I have a DNS entry as well as a WINS entry. One other thing that I would check is your routing on your client end to make sure that your default route is pointing at your VPN tunnel.

I hope this helps.
 
Upvote 0 Downvote
Thread35-266670 should have read down a little further beforre I posted. It seems he has the same problem I have which isnt name related at all. For some reason the PIX establishes a connection but doesnt allow any exchange.
 
Upvote 0 Downvote
hello all,

I have a 520 that works and a 506 that doesn't. The configs are as close as I can get them.

The biggest difference is that the 520 is using conduits and the 506 is using access-lists.

Any suggestions based upon that tidbit??

thanks,
eric
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
687
Sameer258
Sameer258
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
598
Johnkite
Johnkite
intel233
  • Locked
  • Question
Cisco ASA - VPN Question
Replies
6
Views
590
intel233
intel233
ISDPCMAN
  • Locked
  • Question
RDP fails over VPN
Replies
1
Views
210
gkittelson
gkittelson
Shmid
  • Locked
  • Question
Restricting Sonicwall SSL-VPN users for WAN access
Replies
7
Views
729
Shmid
Shmid

Part and Inventory Search

Sponsor

Back
Top