Question : Problem: Able to login to Corp VPN but can not access resources.  Please Help

At the corp office I have a Cisco PIX 515e... Users connect from home using the Cisco VPN Client V.3.6.3 Installed on Windows XP Pro.

Windows XP Firewall is turned off.

I and others are able to connect with cable modems (no router/firewall) and ping/access corporate resources no problem.  Two users behind routers/firewalls seem like they connect (enter username & password) but once connected cannot access resources (e-mail).  One has a brand new Linksys WAP and the other has a 2Wire HomePortal 1000 v. 3.1.0.

I was told by a soon-to-be CCIE that I needed to open protocols 50 & 51 or ESP and AH on the home network routers/firewalls.  I know how to open ports, but... could not figure out how to open these protocols.

Networking at this level is not my area of expertise... please assist.

Thank you,

Joe_C

Answer : Problem: Able to login to Corp VPN but can not access resources.  Please Help

Hi Joe...

The fact that you can ping the server in question is very promising from what you originally posted.

If you were telling me that everyone had this issue I would suggest you try adding a DNS entry on the PIX...

Here's an example I pulled off of Cisco:
[On a PIX]
vpngroup vpn3000 dns-server xx.xx.xx.xx
vpngroup vpn3000 wins-server xx.xx.xx.xx
vpngroup vpn3000 default-domain yourdomain.com
vpngroup vpn3000 idle-time 1800

[on a router]
ip domain-name yourdomain.com
ip name-server xx.xx.xx.xx
ip name-server xx.xx.xx.xx
ip dhcp-server xx.xx.xx.xx

xx=the ip number for those servers.

Seems like you would also pull this info from DHCP...unless they are using a pool.  If they are using a pool they probably need those entries or something like it.

Also you shouldn't have to add LMHOSTS if others in your company are working fine and didn't have to.

You may want to ensure that you have Enable LMHOSTS lookup enabled under your advanced settings for your TCP/IP protocol.  The fact that you can't ping the name means that you aren't using the LMHOSTS file or something is incorrect in that file...could be syntax or maybe wrong address.  Either way you should see a translation come up for it like this:
  C:\>ping www.cisco.com

Pinging www.cisco.com [198.133.219.25] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.


The fact that others are working fine most likely means that everything is set correctly at your company site.  So to answer your last question...probably not an issue with RADIUS or PIX because you've authenticated and are able to PING...also others are working fine...work through possible DNS issue.
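
Added example (not part of the original answer): a small Python helper that reads Windows ping output and separates the cases discussed above, a name that never translates to an address versus a name that translates but gets no reply. The sample outputs are constructed, and the host name mailserver and address 10.0.0.5 are assumptions used only for illustration.

```python
import re

# Constructed samples of Windows ping output (not captured from the poster's PC).
RESOLVED_NO_REPLY = """\
Pinging www.cisco.com [198.133.219.25] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.
"""
NAME_FAILED = ("Ping request could not find host mailserver. "
               "Please check the name and try again.\n")
RESOLVED_REPLY = """\
Pinging mailserver.yourdomain.com [10.0.0.5] with 32 bytes of data:

Reply from 10.0.0.5: bytes=32 time=41ms TTL=126
Reply from 10.0.0.5: bytes=32 time=39ms TTL=126
"""

# Header line: "Pinging <name> [<ip>] ..." when a name was translated,
# or "Pinging <ip> ..." when the user typed an address directly.
HEADER = re.compile(
    r"^Pinging (\S+)(?: \[([0-9.]+)\])? with \d+ bytes of data", re.M)

def classify_ping(output):
    """Return (verdict, ip) for one block of Windows ping output."""
    if "could not find host" in output:
        # No translation at all: check DNS/WINS settings or the LMHOSTS file.
        return ("name-resolution-failed", None)
    m = HEADER.search(output)
    if not m:
        return ("unrecognized", None)
    ip = m.group(2) or m.group(1)
    # Only echo replies carrying "bytes=" count; "Destination host
    # unreachable" lines also start with "Reply from" but are failures.
    if re.search(r"^Reply from %s: bytes=" % re.escape(ip), output, re.M):
        return ("reachable", ip)
    # The name translated, so the problem is the path, not name lookup.
    return ("resolved-but-unreachable", ip)

if __name__ == "__main__":
    for sample in (RESOLVED_NO_REPLY, NAME_FAILED, RESOLVED_REPLY):
        print(classify_ping(sample))
```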
