I'm in kind of a tight spot as far as network admins go. We have a Cisco router that is controlled by our ISP, and the firewall was set up by a third party. We have sites connecting through VPN to our HQ. Some are static and some are dynamic. We also have a need to have VPN clients connect and look at resources on the inside network. We are using MS (XP Pro & 2000) VPN clients.
Our PIX 515 firewall is providing VPN connectivity. Clients can connect and are authenticated, but cannot get to resources such as files, mappings and VNC. It seems there is no authorization to get to the internal network. I checked the PIX settings and it shows that AAA is done locally to the firewall. There are no external RADIUS or NT authorization servers listed.
Could the access lists be denying VPN access internally? Could the router, which I can't even get into, be blocking GRE, port 1723 or some other port even though I can get authenticated at the firewall?
If I can get some direction on where to start looking, it would be very helpful.