RE: [fw-wiz] Cisco Remote Access VPN Problem
From: Paul Melson (pmelson_at_gmail.com)
Date: 09/07/05
To: "'Firewall-Wizards'" <Firewall-Wizards@govnet.gov.fj>, <firewall-wizards@honor.icsalabs.com>
Date: Wed, 7 Sep 2005 14:21:42 -0400
Static arp entries using the arp command won't help. Enabling proxy-arp on
FE0/1 might.
PaulM
-----Original Message-----
Subject: [fw-wiz] Cisco Remote Access VPN Problem
Hi Folks
I can get the tunnel successfully established, the client successfully
authenticated with RADIUS, SA's formed and virtual ips (from the dmz)
assigned to the remote vpn client. There are static routes present on the 2600
to route internal network traffic to the dmz gateway (i.e. fw) which
subsequently has rules to route this vpn traffic inside the internal
network.
...
As a workaround, I tried putting in some static arp entries on the fw, for
these virtual ips to point to the physical dmz interface of the vpn device. The
ensuing result was that return traffic made its way back to the vpn device,
but then couldn't get to the actual vpn client :-(
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards