ps3cheats

I have been given the task of troubleshooting a network and this is what I am facing.

There is a Lan-Lan VPN between a VPN Concentrator and PIX 506.There are users using Cisco VPN client to conect to the VPN concentrator and access the LAN.Users behind the concentrator can access servers behind the PIX--So no problems between the connectivity between Concentrator and PIX.

Problem:-

Users who dialin through the VPN client to the Concentrator are not able to access servers on the other side of the PIX.

Please let me know if anyone has any questions and I will try to explain more.
I understand that this has something to do with reverse route injection but am not very sure how to go about it.
This is really urgent and any help would be really appreciated.

ps3cheats

Sounds like a routing problem - most likely the VPN Concentrator is not advertising routes in the dialup profile to the client for the servers subnet. If you can provide some network diagrams it would help to answer your question, but I'll try to describe the problem. If your servers are on a private subnet inside the PIX, say 10.20.30.x, the VPN client will have to receive a route to 10.20.30.x. Assuming these are windows clients, get a command prompt and do "route print". If you do not see a route to your servers subnet, there is your problem.

The route must first be advertised through the PIX (or else you are doing NAT at the PIX into one of the subnets visible to the outside of the PIX) making the route visible to the concentrator (if it is running a dynamic routing protocol) or have static routes in the concentrator.

If your VPN configuration is setup for split tunnelling, you absolutely must have routes visible at the client end. If your are not doing split tunnel, the route must be visible to the concentrator.