XPost: comp.dcom.sys.cisco, comp.security.firewalls
From: bilgravCUTTHISOUT@image.dk
Are you absolutly certain, that this is not a simple route issue ?
meaning that the 10nw knows the route back to the Cisco VPN Clients ...
(try from a server to ping the clients)
and that you do not have any personal firewall services installed on
servers/clients
else try post your cfg
hth
Martin Bilgrav
"Jon Doe" wrote in message
news:lLadnQSrJ-C2XYHeRVn-jg@comcast.com...
> I just set up VPN on a PIX 525, and I need some assistance. Our network
> consists of networks in either 10.32.0.0 or 10.26.0.0. With these
networks,
> we may have subnets such as 10.32.10.0, 10.26.50.0...etc (you get the
idea).
> So when setting up the VPN, here's the lines I used:
>
> access-list split-tunnel permit ip 10.32.0.0 255.255.0.0 192.168.50.0
> 255.255.255.0
> access-list split-tunnel permit ip 10.26.0.0 255.255.0.0 192.168.50.0
> 255.255.255.0
>
> and
>
> access-list nat0 permit ip 10.32.0.0 255.255.0.0 192.168.50.0
255.255.255.0
> access-list nat0 permit ip 10.26.0.0 255.255.0.0 192.168.50.0
255.255.255.0
>
> Ok, from what I know from my limited experience, I expect that everyone
> coming in via VPN should have access to the 10.32.0.0 and 10.26.0.0
> networks. But that doesn't appear to be the case....since some servers and
> other equipment within those networks aren't accessible when connected via
> VPN (By the way, the Cisco VPN client is showing the "secured routes" as
> being 10.26.0.0 255.255.0.0 and 10.32.0.0 255.255.0.0).
>
> An example would be servers or routers/switches on 10.26.16.0...or
> 10.32.35.0. I simply can't access them when I'm connected via this PIX
VPN.
> When I try to ping their IP addresses, it simply times out. Can someone
> please help my in figuring out why I can access "most" equipment on my two
> networks while I can't access others?
>
> Thanks much in advance!
>
>
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)
|
