Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
292
Views
0
Helpful
1
Replies

Cisco VPN Client from dmz of PIX

bgraham
Level 1
Level 1

‎03-26-2007 09:17 AM

I have a machine in the DMZ of our PIX 515E (6.3.3) that needs to connect to an outside IP address. It has Cisco VPN Client 4.0.4D and it is set up to allow transparent Tunneling and to use IPSEC over UDP (NAT/PAT). If I give it a public IP and stick it on the outside everything works.

Using debug, I can see it is trying to connect to port 500 on the other side, but it gets no response.

I have a static NAT through the firewall, I have fixup protocol esp-ike, I have allowed udp ports 500, 4500 and 1000 for the DMZ and outside addresses.

Can anyone tell me what I am missing?

Thanks,

Bob

Labels:
0 Helpful
1 Reply 1

Kamal Malhotra
Cisco Employee
Cisco Employee

‎03-26-2007 10:20 AM

Hi Bob,

It seems that you are missing NAT-T on the other end. Please look into it.

HTH,

Please rate if it helps,

Regards,

Kamal

0 Helpful
Customers Also Viewed These Support Documents