Minor Problem with remote access VPN

Discussion in 'Cisco' started by Ryan Cole, Jul 19, 2006.

  1. Ryan Cole

    Ryan Cole Guest

    in my office we run a PIX 506 with a VPN to another PIX 506 in the
    datacenter. The IP ranges for these are and respectively.

    i have set up another PIX in a clients site with IP range and set up a remote access VPN for this.

    when i remote access using the cisco VPN client and are in my office
    (i.e. behind my PIX) i can connect to the clients VPN however i can not
    ping any internal address on that site, and hence the VPN is useless.

    in order for the remote access VPN to work i can not be behind my PIX,
    for example if i give myself a real IP address and plug my laptop in
    outside the firewall i can connect to the remote access VPN fine and
    also ping and connect to all the devices there.

    any ideas what i need to do either on my firewall to allow this
    outgoing connections or anything that needs done on the clients PIX?

    many thanks

    Ryan Cole, Jul 19, 2006
  2. Ryan Cole

    RC Guest

    Probably just an ACL problem. Post the config.

    RC, Jul 20, 2006
  3. Ryan Cole

    Ryan Cole Guest

    thanks for the reply,
    here is the config file for the PIX in my office (as you say it might
    be an ACL problem i have only posted the ACL)

    access-list remote_splitTunnelAcl permit ip any
    access-list inside_outbound_nat0_acl permit ip
    access-list inside_outbound_nat0_acl permit ip datacenter-int
    access-list outside_cryptomap_dyn_20 permit ip any
    access-list outside_cryptomap_20 permit ip

    do i need change any of these values in this to solve my problem above
    or do you need to see more of the config or the config of the remote
    PIX i am trying to VPN onto?

    many thanks
    Ryan Cole, Aug 22, 2006
