IPsec, L2TP, Split tunneling, PPTP and all other VPN related posts.
We have a PIX 501 connected to DSL using PPPOE with outside to inside VPN setup and functioning using the EasyVPN client and a preshared key. We replaced the DSL modem with a small router that is now doing the PPPOE negotiation instead of the PIX.

I have removed the VPDN references to PPPOE:

    vpdn group pppoe_group request dialout pppoe
    vpdn group pppoe_group localname email@example.com
    group pppoe_group ppp authentication pap
    vpdn username firstname.lastname@example.org password *********
    vpdn username email@example.com password ********* store-local
    vpdn username scott password *********
    vpdn username barry password *********

And left in the vpngroup lines:

    vpngroup TQA_VPN address-pool CVPN_DHCP
    vpngroup TQA_VPN dns-server 10.1.1.99
    vpngroup TQA_VPN wins-server 10.1.1.99
    vpngroup TQA_VPN default-domain tqa-inc.com
    vpngroup TQA_VPN split-tunnel inside_outbound_nat0_acl
    vpngroup TQA_VPN idle-time 1800
    vpngroup TQA_VPN password ********

What do I need to add/change to allow VPN access again?

I tried this to no avail:

    vpdn group TQA_VPN accept dialin l2tp
    vpdn group TQA_VPN l2tp tunnel hello 60
    vpdn enable

Barry

I am now connecting with the VPN client but cannot access any resources. I have attached the client log (everything appears O.K.) and the PIX configuration. Note that in the PIX configuration there is an "Incomplete" comment but I don't know why. Also, assistance with a split tunnelling statement would be greatly appreciated.

Thanks,
Barry

Hi,

please enter the following commands on the PIX:

    no crypto map outside_dyn_map 20
    no vpngroup TQA_VPN1 address-pool vpnpool1
    ip local pool vpnpool 192.168.1.1-192.168.1.20
    access-list nonat permit ip any 192.168.1.0 255.255.255.0
    access-list split permit ip any 192.168.1.0 255.255.255.0
    nat (inside) 0 access-list nonat
    vpngroup TQA_VPN1 address-pool vpnpool
    vpngroup TQA_VPN1 split-tunnel split

That should do it.

*Please rate if helped.

-Kanishka
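
A consistency check for the commands in the reply above, as an added example that is not part of the original thread or any Cisco tooling: it verifies that each vpngroup's address-pool and split-tunnel names are defined, and that the pool range falls inside an ACL applied with nat 0. The function name audit_vpngroups and the sample config are constructed for illustration, and only the "permit ip any <net> <mask>" ACL form seen in this thread is parsed.

```python
import ipaddress

# Constructed sample: the commands from the reply above, laid out as config lines.
SAMPLE_CONFIG = """\
ip local pool vpnpool 192.168.1.1-192.168.1.20
access-list nonat permit ip any 192.168.1.0 255.255.255.0
access-list split permit ip any 192.168.1.0 255.255.255.0
nat (inside) 0 access-list nonat
vpngroup TQA_VPN1 address-pool vpnpool
vpngroup TQA_VPN1 split-tunnel split
"""

def audit_vpngroups(config):
    """Return findings for vpngroup references in PIX-style config text (hypothetical helper)."""
    pools, acls, nat0, refs, findings = {}, {}, set(), [], []
    for line in config.splitlines():
        t = line.split()
        if t[:3] == ["ip", "local", "pool"] and len(t) >= 5:
            first, _, last = t[4].partition("-")
            pools[t[3]] = (ipaddress.ip_address(first), ipaddress.ip_address(last or first))
        elif t[:1] == ["access-list"] and len(t) >= 2:
            nets = acls.setdefault(t[1], [])  # record the ACL name even if the entry is not parsed
            if t[2:5] == ["permit", "ip", "any"] and len(t) == 7:
                # Destination network and mask, e.g. 192.168.1.0 255.255.255.0
                nets.append(ipaddress.ip_network(f"{t[5]}/{t[6]}"))
        elif t[:1] == ["nat"] and len(t) == 5 and t[2:4] == ["0", "access-list"]:
            nat0.add(t[4])
        elif t[:1] == ["vpngroup"] and len(t) == 4 and t[2] in ("address-pool", "split-tunnel"):
            refs.append((t[1], t[2], t[3]))
    # Networks exempted from NAT: destinations of every ACL bound with "nat (...) 0 access-list".
    exempt = [n for a in nat0 for n in acls.get(a, [])]
    for group, kind, name in refs:
        if kind == "address-pool":
            if name not in pools:
                findings.append(f"{group}: address-pool {name} is not defined")
            elif not any(pools[name][0] in n and pools[name][1] in n for n in exempt):
                findings.append(f"{group}: pool {name} is not covered by a nat 0 access-list")
        elif name not in acls:
            findings.append(f"{group}: split-tunnel ACL {name} is not defined")
    return findings

if __name__ == "__main__":
    print(audit_vpngroups(SAMPLE_CONFIG) or "no findings")
```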