I need to have network drives (SMB) work through a VPN tunnel.
I have a PIX 501 with a public IP on the outside and a local IP range (192.168.1.0/24) on the inside. This PIX is the gateway for the clients and it has the IP 192.168.1.1.
I have two servers on the local network. One at 192.168.1.2, and one at 192.168.1.3. The server on 192.168.1.2 uses the gateway 192.168.1.1 and NAT/SMB works fine on this one.
The other server is at 192.168.1.3 and does not have a gateway on that network card. It is also connected to a 10.0.0.0 network with a second network card. This one has a gateway: 10.0.0.1.
If I put a server on 192.168.1.200, NAT/SMB works perfectly on both servers (192.168.1.2 and 192.168.1.3). I have no problem at all reaching them from 192.168.1.200.
It seems to be a problem with NAT through the VPN tunnel.
I cannot have two gateways on one server, but if I try to set two (one on each netcard), 10.0.0.1 AND 192.168.1.1, it actually works!! I am not happy with two gateways and it would probably give me problems in the long run.
If NAT can be used on the local network but not through a VPN tunnel, it must have something to do with the PIX.
So what can or should I do?
I have this (among others in my pix config):

    access-list allow_inbound permit tcp host 2xx.12.13.14 interface outside eq 3389
    ip address inside 192.168.1.1 255.255.255.0
    ip verify reverse-path interface outside
    ip audit info action drop
    ip audit attack action drop
    global (outside) 1 interface
    nat (inside) 0 access-list 199
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    static (inside,outside) tcp interface 3389 192.168.1.2 3389 netmask 255.255.255.255 0 0
    static (inside,outside) tcp interface 3390 192.168.1.3 3389 netmask 255.255.255.255 0 0
    access-group allow_inbound in interface outside

Best regards,
Martin