I have a PIX 506e running in our office to allow remote users to connect using the Cisco software VPN client. Users need to be able to see machines in the office and, in the ideal world, have internet access through this VPN (though that is not vital).

What is odd is that if a user connects in remotely and I am in the office, I can ping their machine fine; however, they cannot ping back the other way. A remote user directly on the internet can connect in fine and pings can go either way; however, a remote user on a NAT'd connection (using 192.168.0.XX) can establish the VPN connection, but can't ping or connect to anything in the office (though, again, I can still see them from within the office).

Below are the relevant bits from the config. I can only assume it is something to do with them being NAT'd. Any thoughts?

The office runs on 192.168.50.xx, but has one machine running on 192.168.0.110, which it would be nice to get to if possible.

Cheers,
Paul

access-list NO-NAT permit ip 192.168.50.0 255.255.255.0 192.168.51.0 255.255.255.0
access-list FromREMOTE permit ip 192.168.50.0 255.255.255.0 192.168.51.0 255.255.255.0
access-list FromREMOTE permit ip 192.168.1.0 255.255.255.0 192.168.51.0 255.255.255.0
access-list FromREMOTE permit ip host 192.168.0.110 192.168.50.0 255.255.255.0
nat (inside) 0 access-list NO-NAT
nat (inside) 1 192.168.50.0 255.255.255.0 0 0
ip local pool VPN 192.168.51.1-192.168.51.20
vpngroup ***** address-pool VPN
vpngroup ***** dns-server 212.135.1.36
vpngroup ***** split-tunnel FromREMOTE
vpngroup ***** idle-time 1800
vpngroup ***** password ********