RE: [fw-wiz] Cisco VPN Client Behind a Cisco PIX or Router
From: Melson, Paul (PMelson_at_sequoianet.com)
Date: 09/01/04
- Previous message: Bruce B. Platt: "Re: [fw-wiz] Re: Flawed Surveys [was: VPN endpoints]"
- Maybe in reply to: Al Cooper: "[fw-wiz] Cisco VPN Client Behind a Cisco PIX or Router"
- Next in thread: james: "Re: [fw-wiz] Cisco VPN Client Behind a Cisco PIX or Router"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Al Cooper" <alc@tlynx.com>, <firewall-wizards@honor.icsalabs.com> Date: Wed, 1 Sep 2004 15:01:28 -0400
First, the 515E that the VPN client connects to should probably have
'isakmp nat-traversal' set. That might take care of it right there.
Also, if the PIX that the VPN client sits behind has a global NAT
assigned to 'interface outside', consider creating a separate NAT
address on the outside subnet for global NAT to use. (This won't be
possible if you only have a single IP address available, like in a SOHO
/ residential setup.)
PaulM
> -----Original Message-----
> I have configured a Cisco VPN Client (4.6.00) to connect to
> a Cisco PIX
> 515E [6.3(3)]. The VPN works great except when the VPN
> client is behind
> another PIX or a Cisco router. If the VPN client behind a
> PIX or a Cisco
> router I can make the initial connect fine but I cannot pass
> any traffic
> (pings time out and protocols do not connect).
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Bruce B. Platt: "Re: [fw-wiz] Re: Flawed Surveys [was: VPN endpoints]"
- Maybe in reply to: Al Cooper: "[fw-wiz] Cisco VPN Client Behind a Cisco PIX or Router"
- Next in thread: james: "Re: [fw-wiz] Cisco VPN Client Behind a Cisco PIX or Router"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
