[vpn] Cisco VPN 3.x client

Chuck Renner crenner at dynalivery.com
Fri Dec 7 19:24:14 EST 2001


Ok...let me clarify my earlier question.

I've got a situation like this:

                 Internet
                    |
                    |
                 (router)
                 /      \
                /        \
         (firewall      (Cisco PIX)
            NAT             |
         default GW)        |
                \          /
                 \        /
                 internal network


The internal network is 192.168.1.0/24.  The VPN clients are 192.168.2.0/24.
A routing entry in the NAT firewall redirects all traffic for 192.168.2.0/24
to the PIX.  At this time, no other traffic passes through the PIX; it's
only doing VPN duties, so all encrypted traffic bypasses conduit rules.

I've tried adding a default route on the PIX's internal interface to point
to my internal network's gateway, and I've added an ipchains rule on that
system to forward the traffic.

I've done some packet sniffing now with the client doing a tracert to
www.yahoo.com, and can report the following:

* The client is encrypting each packet of the traceroute and sending it to
the PIX.

* On the internal network, the most I see from the client is a DNS query for
www.yahoo.com.


So something in the PIX configuration has to be the culprit.  Any ideas?
> -----Original Message-----
> From: Chuck Renner [mailto:crenner at dynalivery.com]
> Sent: Thursday, December 06, 2001 5:01 PM
> To: 'vpn at securityfocus.com'
> Subject: [vpn] Cisco VPN 3.x client
> 
> 
> First, a big "thank you" to those on the list that have given me a hand in
> the past.  You've helped me over some big hurdles in getting a VPN working
> across my PIX.  Hopefully, you'll be able to do the same this time.
> 
> Here's what I have:
> * Cisco VPN 3.x client running on WinNT connecting to a PIX 506
> 
> * Everything is working nicely as far as connecting back into the LAN from a
> public network (except that pesky browse list...)
> 
> * The only problem is connecting to sites outside of the LAN.
> 
> In other words, I'm connected to my LAN via the VPN, and want to get to
> Yahoo's web site.  Without opening up local LAN access in the Cisco client,
> I would need packets to go through my LAN's gateway.
> 
> Can anyone nudge me in the right direction to get this to work?
> 
> Thanks
> 
> VPN is sponsored by SecurityFocus.com
> 
