Local PIX blocking Local VPN Client from connecting to Remote PIX

Unanswered Question
Feb 14th, 2007

I have a PIX-506E set up locally and a PIX-506E set up at Site 1. I can connect to Site 1 from my backup internet connection, which isn't firewalled. When trying to connect to Site 1 through the Local PIX, I secure the communication tunnel, but it will not let me remote desktop into any remote machines on that network. It will let me, however, if I use the non-firewalled backup connection.

Please inform me how to forward/allow access through the Local PIX so that the Local VPN client can access Site 1.

Thank you.

bthibode Sun, 02/18/2007 - 07:53

Be sure that isakmp nat-t is enabled on your 506 as well as Site1. Also, if you have an access-list on the inside interface of your 506, be sure they allow esp traffic to the public IP address of the Site1 506. Since your tunnel is being built, this seems to be an esp issue. Make sure that esp is allowed from your PC all the way to the remote PCs. Since RDP likes to use enormous packets, this could also be an MTU issue. Can you ping the remote PCs? If so, try lowering your MTU on your local PC to something like 1100. If you cannot ping the remote PC and your tunnel supports split-tunneling, check the "allowed networks" or "secured routes".

Hope this helps.

Bryan
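
The checks suggested in the reply above, written out as a PIX 6.3-style configuration sketch. This is an added example, not configuration posted by anyone in the thread; the ACL name `inside_access_in` and the address 203.0.113.10 (standing in for the Site 1 public IP) are placeholders.

```cisco
! --- Site 1 PIX (terminates the VPN client tunnel) ---
! Enable NAT traversal so ESP is wrapped in UDP/4500 when the
! client sits behind a NAT/PAT device. 20 = keepalive in seconds.
isakmp nat-traversal 20

! --- Local PIX (the client passes through it) ---
! Only relevant if an ACL is ALREADY bound to the inside interface.
! Add these entries to that existing ACL; do not bind a new ACL
! containing only these lines, because the implicit deny at the end
! would drop all other outbound traffic.
! inside_access_in and 203.0.113.10 are placeholders.
access-list inside_access_in permit udp any host 203.0.113.10 eq isakmp
access-list inside_access_in permit udp any host 203.0.113.10 eq 4500
access-list inside_access_in permit esp any host 203.0.113.10

! --- Verification ---
! On the Local PIX: hit counters show which entry the client matches
! (UDP/4500 hits mean NAT-T is in use, esp hits mean native ESP).
show access-list inside_access_in

! On the Site 1 PIX: with the client connected and an RDP attempt
! in progress, compare the encaps/decaps counters. Decaps staying
! at 0 means the client's encrypted traffic is not arriving.
show crypto ipsec sa
```

For the MTU check, `ping -f -l 1072 <remote PC>` from the Windows client sends a non-fragmentable packet of 1100 bytes on the wire (1072 bytes of payload plus 28 bytes of ICMP and IP headers), which matches the MTU value suggested in the reply.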
