PIX + Microsoft RAS VPN

Discussion in 'Cisco' started by newb, Sep 10, 2004.

  1. newb

    newb Guest

    I am having some problems setting up a combination PIX + RAS VPN. I have a PIX and a VPN server both sitting on the internet. The PIX works fine for our internal network, but I would like to be able to VPN into the network and then get back out to the internet through the PIX. Our internal network is 10.2.1.X and when we come in through the VPN we are served up 10.2.2.X addresses. The PIX has RIP set up and the VPN server is advertising that it is the gateway for the 10.2.2.X (when I do a show route the advertised RIP route shows up on the PIX). When the VPN connects the PIX is set as the gateway, but when I try and get to any computers on the internet it fails and eventually falls back to using the PC's actual gateway rather than the VPN'd gateway. When I am VPN'd in I can see all the computers on the 10.2.1.X network, just can't get to the internet.

    Colin Fischer
    newb, Sep 10, 2004
    #1

  2. newb

    Mr. B. Guest

    "newb" <> wrote in message news:<DXp0d.365299$M95.36690@pd7tw1no>...
    > I am having some problems setting up a combination PIX + RAS VPN. I
    > have a PIX and a VPN server both sitting on the internet. The PIX works
    > fine for our internal network, but I would like to be able to VPN into
    > the network and then get back out to the internet through the PIX. Our
    > internal network is 10.2.1.X and when we come in through the VPN we
    > are served up 10.2.2.X addresses. The PIX has RIP set up and the VPN
    > server is advertising that it is the gateway for the 10.2.2.X (when I
    > do a show route the advertised RIP route shows up on the PIX). When the
    > VPN connects the PIX is set as the gateway, but when I try and get to
    > any computers on the internet it fails and eventually falls back to
    > using the PC's actual gateway rather than the VPN'd gateway. When I am
    > VPN'd in I can see all the computers on the 10.2.1.X network, just
    > can't get to the internet.
    >
    > Colin Fischer


    By design, you cannot route traffic back out of the interface it came
    in on. If you really want to look into a workaround (Note: the
    workaround is insecure unless you have a 3000 series concentrator),
    you might look into split tunneling. Again, unless you have a 3000
    series concentrator, this is risky.
    Mr. B., Sep 13, 2004
    #2