Client VPN to PIX 501

I have set up a PIX 501 for client VPN access and have successfully connected to it and can access the internal LAN. To connect I am using the Cisco VPN client (IPSec). However, I am having issues where I can't connect to the VPN site from certain internet connections. From these very sites I am able to connect to other VPN sites, but not this one site in particular. Can anyone offer any suggestions as to why I would be able to connect to a VPN site and not another from the same internet connection?

Thanks Rolando

Rolando Barberis

Can you please give us some more details about the same? It can be many things, like port blockage, policies not matching, etc.

rave

If the sites are behind NAT and you have not set up your PIX 501 with isakmp nat-traversal 20 and if the other sites -have- turned that on [or the equivalent], then you would be able to connect to those other sites but not to the 501.

Walter Roberson

To further clarify the config and the behavior......

access resources on Site 1 and Site 2.

VPN Site 1 (501) network 10.1.1.x

VPN Site 2 (501) network 172.1.1.x

Site 2 and can access resources, however it can connect and authenticate to Site 1 however we can't ping or access any of the resources on the 10.1.1.x network.

Any suggestions appreciated.

Rolando

Is nat traversal turned on? Is split tunneling turned on? Does the internal IP address range at Connection B happen to be in the 10/8 network? If so, are you using the 'mask' parameter on the ip pool definition on the PIX?

Walter Roberson

Do you know how to set the mask on the IP pool? It does not show mask as a parameter on the address pool statement. When the client connects it is being handed a 255.0.0.0 mask. I believe this is the issue since I can connect from a 192 network but not a 10 network. Does anyone know how to set the mask that is handed to the client on the PIX?

Thanks

Rolando

If you are running PIX 6.2 then you would need to upgrade in order to get this feature.

Walter Roberson
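
The mask symptom discussed in this thread, as an added illustration that is not part of any poster's message: a VPN address handed out with 255.0.0.0 puts the whole 10/8 range on the tunnel adapter, which collides with a client whose own LAN is in 10.x but not with one in 192.x. The pool address 10.1.2.10 and the client LANs are constructed values, and treating 255.0.0.0 as the classful default for a 10.x address is an assumption about why that mask is handed out.

```python
import ipaddress

def classful_mask(addr):
    """Classful default mask for an IPv4 address (assumed fallback when no mask is set)."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet < 128:
        return "255.0.0.0"        # class A, e.g. 10.x.x.x
    if first_octet < 192:
        return "255.255.0.0"      # class B, e.g. 172.1.x.x
    if first_octet < 224:
        return "255.255.255.0"    # class C, e.g. 192.168.x.x
    raise ValueError(f"{addr} is not a unicast class A/B/C address")

def tunnel_network(pool_addr, mask=None):
    """Network the VPN adapter treats as directly connected."""
    mask = mask or classful_mask(pool_addr)
    return ipaddress.ip_interface(f"{pool_addr}/{mask}").network

def conflicts(client_lan, pool_addr, mask=None):
    """True when the tunnel's connected network overlaps the client's own LAN."""
    return tunnel_network(pool_addr, mask).overlaps(ipaddress.ip_network(client_lan))

def report(pool_addr, client_lans, mask=None):
    """One line per client LAN, showing whether the assigned mask collides with it."""
    net = tunnel_network(pool_addr, mask)
    lines = []
    for lan in client_lans:
        state = "OVERLAP" if conflicts(lan, pool_addr, mask) else "ok"
        lines.append(f"client LAN {lan:<18} tunnel {str(net):<14} {state}")
    return lines

if __name__ == "__main__":
    POOL_ADDR = "10.1.2.10"                          # constructed pool address
    CLIENT_LANS = ["192.168.1.0/24", "10.0.0.0/24"]  # constructed client-side LANs
    print("No mask on the pool (classful default):")
    print("\n".join(report(POOL_ADDR, CLIENT_LANS)))
    print("Pool with an explicit 255.255.255.0 mask:")
    print("\n".join(report(POOL_ADDR, CLIENT_LANS, "255.255.255.0")))
```
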
