XPost: comp.dcom.sys.cisco, comp.security.firewalls   
   From: jdoe@comcast.net   
      
   I just set up VPN on a PIX 525, and I need some assistance. Our network   
   consists of networks in either 10.32.0.0 or 10.26.0.0. With these networks,   
   we may have subnets such as 10.32.10.0, 10.26.50.0...etc (you get the idea).   
   So when setting up the VPN, here's the lines I used:   
      
   access-list split-tunnel permit ip 10.32.0.0 255.255.0.0 192.168.50.0   
   255.255.255.0   
   access-list split-tunnel permit ip 10.26.0.0 255.255.0.0 192.168.50.0   
   255.255.255.0   
      
   and   
      
   access-list nat0 permit ip 10.32.0.0 255.255.0.0 192.168.50.0 255.255.255.0   
   access-list nat0 permit ip 10.26.0.0 255.255.0.0 192.168.50.0 255.255.255.0   
      
   Ok, from what I know from my limited experience, I expect that everyone   
   coming in via VPN should have access to the 10.32.0.0 and 10.26.0.0   
   networks. But that doesn't appear to be the case....since some servers and   
   other equipment within those networks aren't accessible when connected via   
   VPN (By the way, the Cisco VPN client is showing the "secured routes" as   
   being 10.26.0.0 255.255.0.0 and 10.32.0.0 255.255.0.0).   
      
   An example would be servers or routers/switches on 10.26.16.0...or   
   10.32.35.0. I simply can't access them when I'm connected via this PIX VPN.   
   When I try to ping their IP addresses, it simply times out. Can someone   
   please help my in figuring out why I can access "most" equipment on my two   
   networks while I can't access others?   
      
   Thanks much in advance!   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)