Hi,

Hopefully someone may be able to help me. I have a remote user (User6) with a VPN client connecting to my PIX OK, but when he tries to PING or access server 172.29.11.250 the PINGs fail; I see no debug info on the PIX. When he PINGs the outside interface IP address I see the debug, but it is coming from the IP address of the remote user's ISP, not the IP address allocated from the VPN POOL. The PIX itself can PING 172.19.11.250 and this device can PING the PIX...

TIA, Ned

network-object 123.233.0.0 255.255.0.0
network-object 99.19.0.0 255.255.0.0
network-object host 89.234.51.114
access-list 102 permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list 102 permit tcp object-group NEW-HOSTS host 67.192.238.228 object-group RFID-PREMISE
access-list 102 permit icmp object-group NEW-HOSTS host 67.192.238.228
access-list 102 deny tcp any host 67.192.238.228
access-list 102 permit tcp any any eq www
access-list 102 permit icmp any any
access-list 102 permit ip 172.20.0.0 255.255.0.0 172.30.0.0 255.255.0.0
access-list 102 permit ip 172.20.0.0 255.255.0.0 172.29.0.0 255.255.0.0
access-list 102 permit ip 172.20.0.0 255.255.0.0 19.168.1.0 255.255.255.0
access-list 102 permit ip 172.29.0.0 255.255.0.0 19.168.1.0 255.255.255.0
access-list 80 permit ip host 172.29.11.250 host 172.20.1.1
access-list 80 permit ip host 172.29.11.250 host 172.20.1.2
access-list 80 permit ip host 172.29.11.250 host 172.20.1.3
access-list 80 permit ip host 172.29.11.250 host 172.20.1.4
access-list 80 permit ip host 172.29.11.250 host 172.20.1.5
pager lines 24
logging on
logging buffered debugging
mtu outside 1500
mtu inside 1500
mtu appla 1500
ip address outside 67.192.238.226 255.255.255.248
ip address inside 192.168.1.254 255.255.255.0
no ip address appla
ip audit info action alarm
ip audit attack action alarm
ip local pool minevpn 192.168.2.1-192.168.2.100
ip local pool applapool1 172.20.1.1-172.20.1.100
pdm history enable
arp timeout 14400
global (outside) 1 67.192.238.227
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 67.192.238.228 192.168.1.2 netmask 255.255.255.255 0 0
route outside 0.0.0.0 0.0.0.0 67.192.152.1 1
route inside 172.29.0.0 255.255.0.0 192.168.1.253 1
...
vpngroup user5 address-pool minevpn
vpngroup user5 idle-time 600
vpngroup user5 password ********
vpngroup user6 address-pool applapool1
vpngroup user6 idle-time 600
vpngroup user6 password ********
vpngroup user7 address-pool applapool1
vpngroup user7 idle-time 600
vpngroup user7 password ********

I have tried with NO NAT on and off, but results are always the same.

nat (inside) 0 access-list 80