Cisco VPN Client from DMZ of PIX


I have a machine in the DMZ of our PIX 515E (6.3.3) that needs to connect to an outside IP address. It has Cisco VPN Client 4.0.4D and it is set up to allow Transparent Tunneling and to use IPSec over UDP (NAT/PAT). If I give it a public IP and stick it on the outside, everything works.

Using debug, I can see it is trying to connect to port 500 on the other side, but it gets no response.

I have a static NAT through the firewall, I have fixup protocol esp-ike, and I have allowed UDP ports 500, 4500 and 1000 for the DMZ and outside addresses.

Can anyone tell me what I am missing?



Kamal Malhotra Mon, 03/26/2007 - 10:20

Hi Bob,

It seems that you are missing NAT-T on the other end. Please look into it.


Please rate if it helps,



