[fw-wiz] l2tp/Ipsec and pix
From: Jean Caron (caronj_at_norac.net)
Date: 01/14/05
- Previous message: L Cubed: "Re: [fw-wiz] PIX responding with SYN+ACK to SYN+ACK probe sent on open port"
- Next in thread: Wes Noonan: "[fw-wiz] Per application port DMZ segments?"
- Reply: Wes Noonan: "[fw-wiz] Per application port DMZ segments?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: firewall-wizards@honor.icsalabs.com Date: Fri, 14 Jan 2005 10:47:54 -0500
Hi,
Is it possible to have a l2tp/ipsec tunnel go through a pix firewall?
I have a win client establishing a l2tp/ipsec tunnel to a pix. Works fine.
But now I need to throw another pix in to protect the client. So I'm trying
to have the tunnel go *through* this second pix.
The client address needs to be NATed on the outside of this second pix.
Here's part of the "debug crypto isakmp" output;
ISAKMP (0): atts not acceptable. Next payload is 0
ISAKMP (0): SA not acceptable!
ISAKMP (0): sending NOTIFY message 14 protocol 0
Again, if I remove the second pix, use it's outside address on my win client
and adjust the policy's endpoints accordingly, the tunnel comes up just
fine.
Jean
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: L Cubed: "Re: [fw-wiz] PIX responding with SYN+ACK to SYN+ACK probe sent on open port"
- Next in thread: Wes Noonan: "[fw-wiz] Per application port DMZ segments?"
- Reply: Wes Noonan: "[fw-wiz] Per application port DMZ segments?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
