Re: [fw-wiz] PIX VPN Question
From: Dave Rinker (firewall_at_dsrtech.com)
Date: 06/06/03
- Previous message: R. DuFresne: "RE: [fw-wiz] What challenges are security admins facing?"
- In reply to: Noonan, Wesley: "[fw-wiz] PIX VPN Question"
To: "'firewall-wizards@honor.icsalabs.com'" <firewall-wizards@honor.icsalabs.com>
Date: 06 Jun 2003 00:41:34 -0400
Wesley,
I believe what you're looking for is:
isakmp nat-traversal [natkeepalive]
This is new to 6.3 code and permits you to connect to a PIX just as you
would with a VPN concentrator with UDP/ESP.
Hope this helps you in the right direction,
Dave
On Thu, 2003-06-05 at 00:33, Noonan, Wesley wrote:
> All,
>
> Having an issue with a VPN configuration for a PIX and I am missing
> something that I can't figure out. Here is the scenario:
>
> VPNCLIENT-----PIX501----INET-----PIX506
>
> VPN Client is running Cisco VPN Client 4.0.1. PIX 506 is running 6.2(2). PIX
> 501 is running 6.2(2).
>
> I have configured the PIX 506 to support clients connecting. If I connect
> without the PIX501 in between the VPNCLIENT and the PIX506, it works
> perfect. I connect, authenticate, can browse remote resources, can browse
> the internet, everything. As soon as I put the VPNCLIENT behind the PIX501
> it stops being able to connect.
>
> I have tried using it with "Enable Transport Tunneling" selected and using
> both "IPSec over UDP/NAT" and "IPSec over TCP" with port 10000 in use. When
> I set the UDP/Nat setting, I don't even see connection attempts being
> translated in the PIX501. If I set it to TCP I can see the translations
> created in the PIX501 but I don't see anything on the PIX506. Is there
> something I need to run on the PIX506 to configure it to expect TCP VPN
> connections inbound on port 10000? The PIX501 is running PAT on a single
> external IP address.
>
> I have checked Cisco's website and can't find anything that details
> configuring a VPN through a PIX using a VPNCLIENT. I feel like I am missing
> something (obviously) but I can't seem to put my finger on what it is. Any
> help is appreciated. Thanks.
>
> Wes Noonan, MCSE/CCNA/CCDA/NNCSS/Security+
> Senior QA Rep.
> BMC Software, Inc.
> (713) 918-2412
> wnoonan@bmc.com
> http://www.bmc.com <http://www.bmc.com/>
>
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
>
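An added illustration, not part of the original message and not Cisco's code: with NAT traversal the client's IPSec traffic travels inside UDP, which a PAT device such as the PIX 501 can translate. The sketch below classifies UDP port 4500 payloads using the RFC 3947/3948 layout (NAT keepalive, IKE behind a non-ESP marker, ESP); that the PIX 6.3 implementation follows this layout is an assumption, and the sample bytes are constructed.

```python
import struct
from collections import Counter

NON_ESP_MARKER = b"\x00" * 4   # precedes IKE messages on UDP 4500 (RFC 3948)
NAT_KEEPALIVE = b"\xff"        # one-byte keepalive that holds the PAT mapping open
IKE_HEADER = struct.Struct("!8s8sBBBBII")  # ISAKMP fixed header, 28 bytes

def classify_natt_payload(payload: bytes) -> dict:
    """Classify the UDP payload of a datagram on the NAT-T port (4500)."""
    if payload == NAT_KEEPALIVE:
        return {"type": "nat-keepalive"}
    if len(payload) < 4:
        return {"type": "malformed", "reason": "too short for marker or SPI"}
    if payload[:4] == NON_ESP_MARKER:
        ike = payload[4:]
        if len(ike) < IKE_HEADER.size:
            return {"type": "malformed", "reason": "truncated IKE header"}
        icookie, _rcookie, _np, _ver, exch, _flags, _mid, length = \
            IKE_HEADER.unpack(ike[:IKE_HEADER.size])
        return {"type": "ike", "initiator_cookie": icookie.hex(),
                "exchange_type": exch, "length": length}
    if len(payload) < 8:
        return {"type": "malformed", "reason": "truncated ESP header"}
    spi, seq = struct.unpack("!II", payload[:8])  # a non-zero SPI means ESP
    return {"type": "esp", "spi": spi, "seq": seq}

def summarize(payloads) -> Counter:
    """Count payload types, e.g. to spot keepalives arriving with no ESP."""
    return Counter(classify_natt_payload(p)["type"] for p in payloads)

# Constructed sample payloads (not captured traffic).
SAMPLE_IKE = NON_ESP_MARKER + IKE_HEADER.pack(
    bytes.fromhex("0102030405060708"), b"\x00" * 8, 1, 0x10, 4, 0, 0, 28)
SAMPLE_ESP = struct.pack("!II", 0x1A2B3C4D, 1) + b"\x00" * 16
SAMPLES = [NAT_KEEPALIVE, SAMPLE_IKE, SAMPLE_ESP, b"\x00\x00"]

if __name__ == "__main__":
    for p in SAMPLES:
        print(classify_natt_payload(p))
    print(dict(summarize(SAMPLES)))
```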