I've been searching and searching for info on this problem and haven't found anything yet - so I figured I'd go to one of the few places on the internet where technical questions actually get answered.
So, here's the situation. I'm here in my office at work, and I'd like to connect to our webserver - which is hosted downtown - through a VPN. On the webserver side, we have a Cisco PIX501. On my side, I have installed the Cisco Easy VPN client 4.0.1. I thought I had everything configured correctly on both the PIX and in my client, and I can connect to the PIX just fine. The problem is, when I connect to the PIX, I lose my internet/network connection. Basically while connected to the PIX through the VPN client, I can't get anywhere on either my local netywork, the remote network, or out to the internet. And, as soon as I disconnect, my internet/network connection is restored. So, I was hoping that someone here might have set up something similar in the past or could at least just point out where I'm being retarded.
Here's what I have as far as configuration goes.
--------------------------------------------
Here is the 'sh config' section from the pix that is related to the VPN:
--------------------------------------------
access-list inside_outbound_nat0_acl permit ip any 192.168.1.0 255.255.255.224
access-list outside_cryptomap_dyn_20 permit ip any 192.168.1.0 255.255.255.224
ip local pool remote 192.168.1.10-192.168.1.20
nat (inside) 0 access-list inside_outbound_nat0_acl
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map client authentication LOCAL
crypto map outside_map interface outside
isakmp enable outside
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup temavpn address-pool remote
vpngroup temavpn dns-server 192.168.1.14 216.243.112.10
vpngroup temavpn default-domain workgroup
vpngroup temavpn idle-time 1800
vpngroup temavpn password ********
--------------------------------------------
Here is the output of ipconfig on my computer after the vpn client is connected (when everything goes broke.) FYI - Local Area Connection 2 shown below is not a second ethernet interface - I only have 1 eth adapter on my computer. As far as I can tell, it is some sort of a pseudo interface that was installed by the Cisco VPN client. It is only enabled while the client is connected.:
--------------------------------------------
C:\Documents and Settings\tsmith>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : TEMA0201
Primary Dns Suffix . . . . . . . : domain.tema
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : workgroup
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connect
ion
Physical Address. . . . . . . . . : 00-07-E9-E3-C4-E1
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.108
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.14
DNS Servers . . . . . . . . . . . : 192.168.1.14
209.253.113.10
209.253.113.2
209.253.113.18
Lease Obtained. . . . . . . . . . : Thursday, October 09, 2003 5:00:13 P
M
Lease Expires . . . . . . . . . . : Sunday, October 12, 2003 5:00:13 PM
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . : workgroup
Description . . . . . . . . . . . : Cisco Systems VPN Adapter
Physical Address. . . . . . . . . : 00-06-9C-3C-24-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.10
DNS Servers . . . . . . . . . . . : 192.168.1.14
216.243.112.10
--------------------------------------------
So, If anyone can see what's wrong here, I'd appreciate it. If you need more info on my config, let me know and I'll post it.
Thanks All!
- trs