default gateways for vpn

Discussion in 'Cisco' started by John Schleigh, Oct 7, 2005.

  1. I have set up my pix 506e (ver. 6.3) to allow locally authenticated,
    encrypted vpn connections
    (http://www.cisco.com/en/US/products..._configuration_example09186a0080143a5d.shtml).
    However, the vpn clients are not able to access any networks other than my
    internal network when they are connected. No browsing the internet or
    other such things.

    I'm sure there must be a simple solution to this. I tried setting the pool
    to the same network as my inside interface, but then the vpn doesn't work.
    Any help is appreciated.

    Here are the commands I added to set up the vpn:

    access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
    ip local pool vpnpool 192.168.2.1-192.168.2.50
    nat (inside) 0 access-list 101
    sysopt connection permit-pptp
    vpdn group 1 accept dialin pptp
    vpdn group 1 ppp authentication pap
    vpdn group 1 ppp authentication chap
    vpdn group 1 ppp authentication mschap
    vpdn group 1 ppp encryption mppe auto
    vpdn group 1 client configuration address local vpnpool
    vpdn group 1 client configuration dns 192.168.1.4
    vpdn group 1 pptp echo 60
    vpdn group 1 client authentication local
    vpdn username ******* password *********
    vpdn enable outside

    --
    John R Schleigh IV
    IT Manager
    Network America, Inc.
    (757) 486-5694
    ___________________
    Those who express random thoughts to legislative committees are often
    surprised and appalled to find themselves the instigators of law.
    -- Mark B. Cohen
     
    John Schleigh, Oct 7, 2005
    #1

  2. In article <jwA1f.38$>,
    John Schleigh <> wrote:
    :I have set up my pix 506e (ver. 6.3) to allow locally authenticated,
    :encrypted vpn connections

    :However, the vpn clients are not able to access any networks other than my
    :internal network when they are connected. No browsing the internet or
    :other such things.

    :I'm sure there must be a simple solution to this.

    No, the PIX was designed not to allow that.

    If you have 6.3(4) on your 506E, and you can subnet your outside IP
    range, and your WAN switch or router can handle 802.1Q VLANs and
    your WAN router can route to VLANs... if -all- of those are true,
    then you can create a "logical interface" (802.1Q vlan) on the
    outside interface, assign it a fraction of your address space,
    and then have your VPN clients connect to one of the logical
    interfaces whilst your main internet connection is to the other.
    [I'm not sure if you will be able to PPTP to a logical interface;
    PPTP might have to go to the underlying physical interface.]
    --
    Programming is what happens while you're busy making other plans.
     
    Walter Roberson, Oct 7, 2005
    #2
