Cisco Systems VPN -- why do I see the remote IP address (not vpn pool addr) in my log?

Posted by Hank Zoeller on February 10, 2006, 1:35 pm
I'm trying to get a VPN running using a PIX 501.

I can connect and authenticate fine. When I try to map a drive, I see
the following in the PIX log:
No translation group found for tcp src outside:192.168.200.2/1075 dst inside:192.168.0.250/139

I'm surprised to see the 192.168.200.2 address. That is the private
internal address of the outside machine on its remote LAN. But I
thought I'd see the ip address assigned to it from the PIX VPN pool
which is 192.168.4.1.

My current config:
...
access-list inside_outbound_nat0_acl permit ip 192.168.0.0 255.255.255.0 192.168.4.0 255.255.255.0
...
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
...
ip local pool vpn_users 192.168.4.1-192.168.4.254
...
sysopt connection permit-pptp
...
vpdn group PPTP-VPDN-GROUP accept dialin pptp
vpdn group PPTP-VPDN-GROUP ppp authentication pap
vpdn group PPTP-VPDN-GROUP ppp authentication chap
vpdn group PPTP-VPDN-GROUP ppp authentication mschap
vpdn group PPTP-VPDN-GROUP ppp encryption mppe auto
vpdn group PPTP-VPDN-GROUP client configuration address local vpn_users
vpdn group PPTP-VPDN-GROUP pptp echo 60
vpdn group PPTP-VPDN-GROUP client authentication local
vpdn enable outside
...

Thanks for any help offered.
--
HZ

Posted by Julian Dragut on February 12, 2006, 11:54 pm
sysopt connection permit-ipsec

http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a00801e71c0.shtml

HTH
> I'm trying to get a VPN running using a PIX 501.
>
> I can connect and authenticate fine. When I try to map a drive, I see the
> following in the PIX log:
> No translation group found for tcp src outside:192.168.200.2/1075 dst inside:192.168.0.250/139
>
> I'm surprised to see the 192.168.200.2 address. That is the private
> internal address of the outside machine on its remote LAN. But I thought
> I'd see the ip address assigned to it from the PIX VPN pool which is
> 192.168.4.1.
>
> My current config:
> ...
> access-list inside_outbound_nat0_acl permit ip 192.168.0.0 255.255.255.0 192.168.4.0 255.255.255.0
> ...
> nat (inside) 0 access-list inside_outbound_nat0_acl
> nat (inside) 1 0.0.0.0 0.0.0.0 0 0
> ...
> ip local pool vpn_users 192.168.4.1-192.168.4.254
> ...
> sysopt connection permit-pptp
> ...
> vpdn group PPTP-VPDN-GROUP accept dialin pptp
> vpdn group PPTP-VPDN-GROUP ppp authentication pap
> vpdn group PPTP-VPDN-GROUP ppp authentication chap
> vpdn group PPTP-VPDN-GROUP ppp authentication mschap
> vpdn group PPTP-VPDN-GROUP ppp encryption mppe auto
> vpdn group PPTP-VPDN-GROUP client configuration address local vpn_users
> vpdn group PPTP-VPDN-GROUP pptp echo 60
> vpdn group PPTP-VPDN-GROUP client authentication local
> vpdn enable outside
> ...
>
> Thanks for any help offered.
> --
> HZ



Posted by Walter Roberson on February 13, 2006, 12:54 am
:sysopt connection permit-ipsec

Unfortunately, no. Hank is not using ipsec, he is using pptp, and
his quoted configuration already includes sysopt connection permit-pptp.
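
The mismatch described in the first post can be checked mechanically. The following is an added example, not part of the original thread: a Python script that parses the logged flow and tests its source address against the `ip local pool` range and the `nat (inside) 0` ACL copied from that post. The function names are hypothetical, and only the single-line ACL form shown in the post is handled.

```python
import ipaddress
import re

# Log line and config lines copied from the first post in this thread.
LOG_LINE = ("No translation group found for tcp src outside:192.168.200.2/1075 "
            "dst inside:192.168.0.250/139")
CONFIG = """\
access-list inside_outbound_nat0_acl permit ip 192.168.0.0 255.255.255.0 192.168.4.0 255.255.255.0
nat (inside) 0 access-list inside_outbound_nat0_acl
ip local pool vpn_users 192.168.4.1-192.168.4.254
"""

LOG_RE = re.compile(r"No translation group found for \w+ src \w+:([\d.]+)/\d+ "
                    r"dst \w+:([\d.]+)/\d+")
ACL_RE = re.compile(r"^access-list (\S+) permit ip ([\d.]+) ([\d.]+) ([\d.]+) ([\d.]+)$", re.M)
POOL_RE = re.compile(r"^ip local pool (\S+) ([\d.]+)-([\d.]+)$", re.M)
NAT0_RE = re.compile(r"^nat \((\w+)\) 0 access-list (\S+)$", re.M)

def parse_log(line):
    """Return (src, dst) addresses from a 'No translation group found' message."""
    m = LOG_RE.search(line)
    if not m:
        raise ValueError("not a 'No translation group found' message")
    return ipaddress.ip_address(m.group(1)), ipaddress.ip_address(m.group(2))

def in_pool(config, addr):
    """True if addr lies inside any 'ip local pool' range in the config."""
    return any(ipaddress.ip_address(lo) <= addr <= ipaddress.ip_address(hi)
               for _name, lo, hi in POOL_RE.findall(config))

def nat0_exempt(config, inside_host, outside_peer):
    """True if a 'nat (inside) 0' ACL pairs inside_host (ACL source)
    with outside_peer (ACL destination)."""
    acls = {name for iface, name in NAT0_RE.findall(config) if iface == "inside"}
    for name, src, smask, dst, dmask in ACL_RE.findall(config):
        if (name in acls
                and inside_host in ipaddress.ip_network(f"{src}/{smask}")
                and outside_peer in ipaddress.ip_network(f"{dst}/{dmask}")):
            return True
    return False

def diagnose(line, config):
    src, dst = parse_log(line)
    return {"src": str(src), "src_in_pool": in_pool(config, src),
            "nat0_exempt": nat0_exempt(config, dst, src)}

if __name__ == "__main__":
    print(diagnose(LOG_LINE, CONFIG))
```

For the logged flow both checks come back false: 192.168.200.2 is outside `vpn_users`, and the exemption ACL is written only for the 192.168.4.0 pool subnet.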
