PIX VPN: can't see the whole network

I just set up VPN on a PIX 525, and I need some assistance. Our network consists of networks in either 10.32.0.0 or 10.26.0.0. With these networks, we may have subnets such as 10.32.10.0, 10.26.50.0, etc. (you get the idea). So when setting up the VPN, here are the lines I used:

access-list split-tunnel permit ip 10.32.0.0 255.255.0.0 192.168.50.0 255.255.255.0
access-list split-tunnel permit ip 10.26.0.0 255.255.0.0 192.168.50.0 255.255.255.0

and

access-list nat0 permit ip 10.32.0.0 255.255.0.0 192.168.50.0 255.255.255.0
access-list nat0 permit ip 10.26.0.0 255.255.0.0 192.168.50.0 255.255.255.0

OK, from what I know from my limited experience, I expect that everyone coming in via VPN should have access to the 10.32.0.0 and 10.26.0.0 networks. But that doesn't appear to be the case, since some servers and other equipment within those networks aren't accessible when connected via VPN. (By the way, the Cisco VPN client is showing the "secured routes" as being 10.26.0.0 255.255.0.0 and 10.32.0.0 255.255.0.0.)

An example would be servers or routers/switches on 10.26.16.0 or 10.32.35.0. I simply can't access them when I'm connected via this PIX VPN. When I try to ping their IP addresses, it simply times out. Can someone please help me in figuring out why I can access "most" equipment on my two networks while I can't access others?

Thanks much in advance!

Jon Doe

Are you absolutely certain that this is not a simple route issue?

Meaning that the 10 network knows the route back to the Cisco VPN clients (try from a server to ping the clients), and that you do not have any personal firewall services installed on servers/clients.

Else, try posting your cfg.

hth Martin Bilgrav

Martin Bilgrav
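The original post's ACL lines and Martin's "route back to the clients" question can be checked mechanically. The script below is an added example, not code from the thread or from Cisco: it parses the four PIX access-list lines exactly as quoted above (PIX ACLs use real netmasks, not wildcard masks, and the split-tunnel/nat0 entries are written inside-network -> VPN pool, so the server is the ACL source and the client the destination), then walks a constructed, hypothetical set of per-VLAN router tables (names such as "core", "vlan16-rtr", "vlan35-rtr", "edge" and their routes are assumptions, not the poster's topology) to see whether a reply from each target host has a route back to the 192.168.50.0/24 pool that ends at the PIX. A host that passes both ACLs but whose gateway defaults toward the Internet edge is reported as a return-route failure, which is the symptom the poster describes (ping times out on a few VLANs only).

```python
import ipaddress

# The four PIX ACL lines quoted in the original post (split-tunnel and nat0).
PIX_ACLS = """\
access-list split-tunnel permit ip 10.32.0.0 255.255.0.0 192.168.50.0 255.255.255.0
access-list split-tunnel permit ip 10.26.0.0 255.255.0.0 192.168.50.0 255.255.255.0
access-list nat0 permit ip 10.32.0.0 255.255.0.0 192.168.50.0 255.255.255.0
access-list nat0 permit ip 10.26.0.0 255.255.0.0 192.168.50.0 255.255.255.0
"""

# Constructed, hypothetical topology (assumption, not the poster's network).
# Each router lists (prefix, next hop). "pix" is the VPN concentrator and
# "internet" is where an unknown destination ends up. Longest prefix wins.
ROUTERS = {
    "core":       [("0.0.0.0/0", "edge"), ("192.168.50.0/24", "pix"),
                   ("10.26.16.0/24", "vlan16-rtr"), ("10.32.35.0/24", "vlan35-rtr")],
    "vlan16-rtr": [("0.0.0.0/0", "core")],   # default via core, which knows the pool
    "vlan35-rtr": [("0.0.0.0/0", "edge")],   # default straight to the edge: pool unknown
    "edge":       [("0.0.0.0/0", "internet")],
}


def parse_pix_acl(text):
    """Parse 'access-list NAME permit|deny ip SRC MASK DST MASK' lines into {name: [(action, src, dst)]}."""
    acls = {}
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) != 8 or parts[0] != "access-list" or parts[3] != "ip":
            raise ValueError(f"unsupported ACL line: {line}")
        name, action = parts[1], parts[2]
        src = ipaddress.ip_network(f"{parts[4]}/{parts[5]}", strict=False)
        dst = ipaddress.ip_network(f"{parts[6]}/{parts[7]}", strict=False)
        acls.setdefault(name, []).append((action, src, dst))
    return acls


def acl_permits(entries, src_ip, dst_ip):
    """First-match semantics with an implicit deny at the end, as on the PIX."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, src_net, dst_net in entries:
        if s in src_net and d in dst_net:
            return action == "permit"
    return False


def next_hop(routes, dst_ip):
    """Longest-prefix match over (prefix, next_hop) pairs; None if nothing matches."""
    d = ipaddress.ip_address(dst_ip)
    best = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if d in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None


def trace_return_path(routers, start, dst_ip, max_hops=8):
    """Follow next hops from the target's gateway toward dst_ip.
    Returns (path, ok); ok is True only if the path terminates at 'pix'."""
    path, node = [start], start
    for _ in range(max_hops):
        if node not in routers:            # left the routed core: pix is success, anything else is a black hole
            return path, node == "pix"
        hop = next_hop(routers[node], dst_ip)
        if hop is None:                    # no route at all
            return path, False
        path.append(hop)
        node = hop
    return path, False                     # loop or too many hops


def diagnose(acls, routers, client_ip, targets):
    """For each server_ip -> gateway, explain whether a VPN client at client_ip can reach it.
    Split-tunnel and nat0 ACLs are written inside -> pool, so the server is the ACL source."""
    report = {}
    for server_ip, gateway in targets.items():
        if not acl_permits(acls.get("split-tunnel", []), server_ip, client_ip):
            report[server_ip] = "not in split-tunnel ACL: client never sends it down the tunnel"
        elif not acl_permits(acls.get("nat0", []), server_ip, client_ip):
            report[server_ip] = "not in nat0 ACL: PIX would NAT the inside-to-pool traffic"
        else:
            path, ok = trace_return_path(routers, gateway, client_ip)
            report[server_ip] = "ok" if ok else "no return route to VPN pool: " + " -> ".join(path)
    return report


if __name__ == "__main__":
    # Constructed targets: one reachable VLAN, one with a bad default route, one outside both /16s.
    targets = {"10.26.16.10": "vlan16-rtr", "10.32.35.1": "vlan35-rtr", "172.16.1.1": "core"}
    for ip, why in diagnose(parse_pix_acl(PIX_ACLS), ROUTERS, "192.168.50.5", targets).items():
        print(f"{ip:15} {why}")
```

In this constructed topology both 10.26.16.10 and 10.32.35.1 pass the split-tunnel and nat0 checks, so the ACLs are not the problem; the difference is that vlan35-rtr's only route for 192.168.50.x is a default toward the edge, which is exactly the "route back to the clients" case Martin raises. On a real network the equivalent check is a ping or traceroute from a host on the failing VLAN to the VPN client's pool address, plus a look at that VLAN gateway's routing table for the pool prefix.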

That's really what I'm trying to figure out. Also, as I mentioned before, this is not a case in which the VPN clients can't get *anywhere* on the network. For instance, when I connect from home to VPN, I'm able to get to most (I'll give a rough estimate of 85%) of whatever I need to get access to. By the way, we're very heavy into VLANs here... in case that might have anything to do with it.

So, it's only a few VLANs here and there that I cannot get access to. The main reason I got word of this problem was that while connected to this new VPN, we can no longer get access to a few of our routers or switches, so we can't administer them while at home (which we really need to be able to do).

I should also mention here that the whole reason for the Cisco VPN is that we're trying to get rid of the Microsoft PPTP VPN currently in place. When connected to the Microsoft VPN, I have access to *everything*.

Jon Doe

Please verify your route statements/protocols, and whether there are any VACLs in place, ACLs on routers, etc. The IP pool used for VPN must be routed and allowed.

GL

HTH

Martin

"Jon Doe" wrote in message news: snipped-for-privacy@comcast.com...

Martin Bilgrav

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.