Minor Problem with remote access VPN

In my office we run a PIX 506 with a VPN to another PIX 506 in the datacenter. The IP ranges for these are 192.168.0.0/24 and 192.168.1.0/24 respectively.

I have set up another PIX at a client's site with IP range 192.168.10.0/24 and set up a remote access VPN for this.

When I remote access using the Cisco VPN client and am in my office (i.e. behind my PIX), I can connect to the client's VPN; however, I cannot ping any internal address on that site, and hence the VPN is useless.

In order for the remote access VPN to work I cannot be behind my PIX. For example, if I give myself a real IP address and plug my laptop in outside the firewall, I can connect to the remote access VPN fine and also ping and connect to all the devices there.

Any ideas what I need to do, either on my firewall to allow these outgoing connections, or anything that needs done on the client's PIX?

Many thanks

Ryan

Reply to
Ryan Cole

Probably just an ACL problem. Post the config.

Reply to
RC

Thanks for the reply. Here is the config file for the PIX in my office (as you say it might be an ACL problem, I have only posted the ACL):

access-list remote_splitTunnelAcl permit ip 192.168.1.0 255.255.255.0 any
access-list inside_outbound_nat0_acl permit ip 192.168.1.0 255.255.255.0 192.168.1.96 255.255.255.240
access-list inside_outbound_nat0_acl permit ip 192.168.1.0 255.255.255.0 datacenter-int 255.255.255.248
access-list outside_cryptomap_dyn_20 permit ip any 192.168.1.96 255.255.255.240
access-list outside_cryptomap_20 permit ip 192.168.1.0 255.255.255.0 datacenter-int 255.255.255.248

Do I need to change any of these values in this to solve my problem above, or do you need to see more of the config, or the config of the remote PIX I am trying to VPN onto?

Many thanks

Reply to
Ryan Cole
