Re: [fw-wiz] Cisco VPN Client Behind a Cisco PIX or Router

From: james (james_at_jdfogg.com)
Date: 09/01/04

  • Next message: MHawkins_at_TULLIB.COM: "RE: [fw-wiz] Re: Flawed Surveys [was: VPN endpoints]"
    To: Al Cooper <alc@tlynx.com>
    Date: 01 Sep 2004 15:16:09 -0400
    
    

    On Wed, 2004-09-01 at 12:42, Al Cooper wrote:
    > I have configured a Cisco VPN Client (4.6.00) to connect to a Cisco PIX
    > 515E [6.3(3)]. The VPN works great except when the VPN client is behind
    > another PIX or a Cisco router. If the VPN client behind a PIX or a Cisco
    > router I can make the initial connect fine but I cannot pass any traffic
    > (pings time out and protocols do not connect).
    >
    > If I am behind my Linux (IPCop) firewall or at a hotel (unknown firewall,
    > probably a cable modem) I do not have a problem. I can connect and pass
    > traffic.

    I have run into this also; it has to do with the PIX not having an IPSec
    proxy. I did get some help once but never got it to run. As I recall, you
    need to allow IP port 50 inbound through the PIX that is shielding the
    client. Someone clued me in to why the solution may not have worked for
    me - I had random sequence numbers enabled and that will break IPSec.

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

