VPN -- why do I see the remote IP address (not vpn pool addr) inmy log?

Discussion in 'Cisco' started by Hank Zoeller, Feb 10, 2006.

  1. Hank Zoeller

    Hank Zoeller Guest

    I'm trying to get a VPN running using a PIX 501.

    I can connect and authenticate fine. When I try to map a drive, I see
    the following in the PIX log:
    No translation group found for tcp src outside:192.168.200.2/1075 dst
    inside:192.168.0.250/139

    I'm surprised to see the 192.168.200.2 address. That is the private
    internal address of the outside machine on it's remote LAN. But I
    thought I'd see the ip address assigned to it from the PIX VPN pool
    which is 192.168.4.1.

    My current config:
    ....
    access-list inside_outbound_nat0_acl permit ip 192.168.0.0 255.255.255.0
    192.168.4.0 255.255.255.0
    ....
    nat (inside) 0 access-list inside_outbound_nat0_acl
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    ....
    ip local pool vpn_users 192.168.4.1-192.168.4.254
    ....
    sysopt connection permit-pptp
    ....
    vpdn group PPTP-VPDN-GROUP accept dialin pptp
    vpdn group PPTP-VPDN-GROUP ppp authentication pap
    vpdn group PPTP-VPDN-GROUP ppp authentication chap
    vpdn group PPTP-VPDN-GROUP ppp authentication mschap
    vpdn group PPTP-VPDN-GROUP ppp encryption mppe auto
    vpdn group PPTP-VPDN-GROUP client configuration address local vpn_users
    vpdn group PPTP-VPDN-GROUP pptp echo 60
    vpdn group PPTP-VPDN-GROUP client authentication local
    vpdn enable outside
    ....

    Thanks for any help offered.
    --
    HZ
     
    Hank Zoeller, Feb 10, 2006
    #1
    1. Advertising

  2. Re: VPN -- why do I see the remote IP address (not vpn pool addr) in my log?

    sysopt connection permit-ipsec

    http://www.cisco.com/en/US/products...s_configuration_example09186a00801e71c0.shtml

    HTH
    "Hank Zoeller" <> wrote in message
    news:43ecdda0$0$3515$...
    > I'm trying to get a VPN running using a PIX 501.
    >
    > I can connect and authenticate fine. When I try to map a drive, I see the
    > following in the PIX log:
    > No translation group found for tcp src outside:192.168.200.2/1075 dst
    > inside:192.168.0.250/139
    >
    > I'm surprised to see the 192.168.200.2 address. That is the private
    > internal address of the outside machine on it's remote LAN. But I thought
    > I'd see the ip address assigned to it from the PIX VPN pool which is
    > 192.168.4.1.
    >
    > My current config:
    > ...
    > access-list inside_outbound_nat0_acl permit ip 192.168.0.0 255.255.255.0
    > 192.168.4.0 255.255.255.0
    > ...
    > nat (inside) 0 access-list inside_outbound_nat0_acl
    > nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    > ...
    > ip local pool vpn_users 192.168.4.1-192.168.4.254
    > ...
    > sysopt connection permit-pptp
    > ...
    > vpdn group PPTP-VPDN-GROUP accept dialin pptp
    > vpdn group PPTP-VPDN-GROUP ppp authentication pap
    > vpdn group PPTP-VPDN-GROUP ppp authentication chap
    > vpdn group PPTP-VPDN-GROUP ppp authentication mschap
    > vpdn group PPTP-VPDN-GROUP ppp encryption mppe auto
    > vpdn group PPTP-VPDN-GROUP client configuration address local vpn_users
    > vpdn group PPTP-VPDN-GROUP pptp echo 60
    > vpdn group PPTP-VPDN-GROUP client authentication local
    > vpdn enable outside
    > ...
    >
    > Thanks for any help offered.
    > --
    > HZ
     
    Julian Dragut, Feb 13, 2006
    #2
    1. Advertising

  3. Re: VPN -- why do I see the remote IP address (not vpn pool addr) in my log?

    In article <zhUHf.6807$>,
    Julian Dragut <> wrote:
    :sysopt connection permit-ipsec

    Unfortunately, no. Hank is not using ipsec, he is using pptp, and
    his quoted configuration already includes sysopt connection permit-pptp
     
    Walter Roberson, Feb 13, 2006
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Peter Sale
    Replies:
    1
    Views:
    12,072
    Robin Walker
    Dec 11, 2004
  2. Walter Steiner
    Replies:
    0
    Views:
    751
    Walter Steiner
    Jul 19, 2005
  3. DenisJ
    Replies:
    1
    Views:
    4,464
    mgasparr
    Aug 31, 2006
  4. eostrike
    Replies:
    3
    Views:
    2,114
    eostrike
    Oct 24, 2008
  5. tom
    Replies:
    0
    Views:
    979
Loading...

Share This Page