Cisco VPN Client and DMZ

Discussion in 'Cisco' started by Bjorn, Nov 14, 2003.

  1. Bjorn

    Bjorn Guest

    Usually setting up Cisco VPN Clients to a Pix is a piece of cake. But
    yesterday bumped into another little problem. Between the Pix and the ISA
    Server there is DMZ (10.0.0.0), while the inside of the ISA is 192.168.11.0.

    The client connected fine but there was no traffic. This must be a common
    issue shurely?



    Bjorn
    Bjorn, Nov 14, 2003
    #1
    1. Advertising

  2. Bjorn

    Bjorn Guest

    I now see that I can't get through the ISA. On the DMZ I can ping the inside
    of the Pix but not the outside of the ISA. This means that I need to create
    a route for the VPN client through the ISA to the private network?


    Bjorn

    "Bjorn" <> wrote in message
    news:mt%sb.6422$...
    > Usually setting up Cisco VPN Clients to a Pix is a piece of cake. But
    > yesterday bumped into another little problem. Between the Pix and the ISA
    > Server there is DMZ (10.0.0.0), while the inside of the ISA is

    192.168.11.0.
    >
    > The client connected fine but there was no traffic. This must be a common
    > issue shurely?
    >
    >
    >
    > Bjorn
    >
    >
    Bjorn, Nov 14, 2003
    #2
    1. Advertising

  3. In article <mt%sb.6422$>,
    Bjorn <> wrote:
    :Usually setting up Cisco VPN Clients to a Pix is a piece of cake. But
    :yesterday bumped into another little problem. Between the Pix and the ISA
    :Server there is DMZ (10.0.0.0), while the inside of the ISA is 192.168.11.0.

    :The client connected fine but there was no traffic. This must be a common
    :issue shurely?

    I do not understand what you are asking. *What* ISA Server are you
    talking about? Where is the DMZ ? -What- is the DMZ ?

    Show us a diagram with the interfaces labeled by IP range.
    --
    Contents: 100% recycled post-consumer statements.
    Walter Roberson, Nov 14, 2003
    #3
  4. Bjorn

    Bjorn Guest

    Well, by reading my own previous messages I see what you're saying. I should
    just use a diagram instead of trying to explain something that may not be a
    DMZ at all. Here it is:

    Internet
    |
    Cisco Pix 506
    (10.0.0.1)
    |
    (10.0.0.2)
    Microsoft ISA Server
    (192.168.11.5)
    |
    Local LAN
    (192.168.11.0)


    Everything works OK, internet, mail, web servers, but I can't get a Cisco
    VPN Client to work from the outside. It connects, but no traffic.

    The client get it's IP pool from the 10.0.0.0 net when it connects.

    By the way, it's the 10.0.0.0 net that I previously reffered to as a DMZ....


    Bjorn


    "Walter Roberson" <-cnrc.gc.ca> wrote in message
    news:bp3oqm$qc1$...
    > In article <mt%sb.6422$>,
    > Bjorn <> wrote:
    > :Usually setting up Cisco VPN Clients to a Pix is a piece of cake. But
    > :yesterday bumped into another little problem. Between the Pix and the ISA
    > :Server there is DMZ (10.0.0.0), while the inside of the ISA is

    192.168.11.0.
    >
    > :The client connected fine but there was no traffic. This must be a common
    > :issue shurely?
    >
    > I do not understand what you are asking. *What* ISA Server are you
    > talking about? Where is the DMZ ? -What- is the DMZ ?
    >
    > Show us a diagram with the interfaces labeled by IP range.
    > --
    > Contents: 100% recycled post-consumer statements.
    Bjorn, Nov 15, 2003
    #4
  5. Bjorn

    Bjorn Guest

    I found the solution to my problem on support.microsoft article 294720 and
    it now works fine. I now just need to figure out how to get the VPNs to work
    on the Pix ie. let the requests for the individual addresses get through the
    ISA and initiate the tunnels....


    Bjorn


    "Walter Roberson" <-cnrc.gc.ca> wrote in message
    news:bp3oqm$qc1$...
    > In article <mt%sb.6422$>,
    > Bjorn <> wrote:
    > :Usually setting up Cisco VPN Clients to a Pix is a piece of cake. But
    > :yesterday bumped into another little problem. Between the Pix and the ISA
    > :Server there is DMZ (10.0.0.0), while the inside of the ISA is

    192.168.11.0.
    >
    > :The client connected fine but there was no traffic. This must be a common
    > :issue shurely?
    >
    > I do not understand what you are asking. *What* ISA Server are you
    > talking about? Where is the DMZ ? -What- is the DMZ ?
    >
    > Show us a diagram with the interfaces labeled by IP range.
    > --
    > Contents: 100% recycled post-consumer statements.
    Bjorn, Nov 15, 2003
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. MP
    Replies:
    2
    Views:
    12,232
  2. jarcar
    Replies:
    0
    Views:
    579
    jarcar
    Feb 12, 2004
  3. Network-Guy

    Cisco PIX DMZ to DMZ Access

    Network-Guy, Sep 23, 2005, in forum: Cisco
    Replies:
    7
    Views:
    3,863
    Walter Roberson
    Sep 25, 2005
  4. TechGuy
    Replies:
    3
    Views:
    5,858
    GizmoTech
    Feb 5, 2009
  5. Ned
    Replies:
    0
    Views:
    540
Loading...

Share This Page