VPN Access through different connectivity

Answered Question
Mar 29th, 2007

My company has set up the PIX 506E Firewall to be accessible by users remotely. We have set it up by grouping, to give access to different servers.

My problem is that when I am connected to the internet via a broadband connection, I am able to log in and access the authorised servers. However, when I am connected to the internet via a 3G connection, I am able to log in to the VPN but unable to communicate with the servers.

When I am connecting via a broadband connection, a dynamic IP is assigned in the range 60.xxx.xxx.xxx. When I log in to the VPN, the secondary IP assigned is 192.168.xxx.xxx, which is my office IP address range.

When I am connecting via a 3G internet connection, the dynamic IP assigned is in the range of 10.xxx.xxx.xxx. When I log in to the VPN, I still get the office IP range 192.168.xxx.xxx.

Please advise whether there are any settings that I need to change/configure in the PIX Firewall, or what could be the reason for this problem.

Many thanks in advance.

ggilbert Thu, 03/29/2007 - 06:53

So, when you connect through the 3G internet connection, seems like you get a 10.x.x.x which is being NAT'ted somewhere.

If that is the case, then you might want to see if you are doing NAT-T on the PIX firewall.

isakmp nat-traversal 20

That would be the command to enable which will allow you to use UDP 4500.

Let me know how that works out.

Thanks

Gilbert
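
The reply above points at NAT-T and UDP 4500. As an added example (not part of the original thread, and going beyond it by using the RFC 3948 framing), the Python below classifies what arrives on UDP 4500 in a capture taken at the firewall side and reports whether ESP data is actually flowing. The function names, result labels and sample packets are constructed for illustration.

```python
import struct
from collections import Counter

NAT_T_PORT = 4500                      # UDP port for IPsec NAT traversal (RFC 3948)
NON_ESP_MARKER = b"\x00\x00\x00\x00"   # precedes IKE messages on port 4500
IKE_HEADER_LEN = 28                    # fixed ISAKMP header size


def classify_nat_t_payload(payload: bytes) -> str:
    """Classify the UDP payload of one packet sent to or from port 4500."""
    if payload == b"\xff":
        return "nat-keepalive"         # one 0xFF byte keeps the NAT mapping alive
    if payload[:4] == NON_ESP_MARKER:
        ok = len(payload) >= 4 + IKE_HEADER_LEN
        return "ike" if ok else "malformed"
    if len(payload) < 8:               # ESP needs at least SPI + sequence number
        return "malformed"
    return "esp"                       # non-zero SPI: UDP-encapsulated ESP


def summarize(packets):
    """Count traffic kinds in (ip_proto, udp_port, payload) tuples from a capture."""
    counts = Counter()
    for ip_proto, udp_port, payload in packets:
        if ip_proto == 50:
            counts["raw-esp"] += 1     # native ESP, no UDP ports for PAT to rewrite
        elif ip_proto == 17 and udp_port == 500:
            counts["ike-udp500"] += 1
        elif ip_proto == 17 and udp_port == NAT_T_PORT:
            counts[classify_nat_t_payload(payload)] += 1
    return counts


def diagnose(counts) -> str:
    """Map the counts to the situation described in the thread."""
    if counts["esp"]:
        return "nat-t-active"           # data path works through the NAT
    if counts["raw-esp"]:
        return "native-esp"             # no NAT in the path, or NAT-T not negotiated
    if counts["ike-udp500"] or counts["ike"]:
        return "ike-only-no-data-path"  # login succeeds, servers unreachable
    return "no-ipsec-traffic"


# Constructed sample packets (not from a real capture).
SAMPLE_IKE = NON_ESP_MARKER + bytes(IKE_HEADER_LEN)
SAMPLE_ESP = struct.pack("!II", 0x1A2B3C4D, 1) + bytes(16)
SAMPLE_CAPTURE = [(17, 500, b""), (17, 4500, SAMPLE_IKE),
                  (17, 4500, SAMPLE_ESP), (17, 4500, b"\xff")]

if __name__ == "__main__":
    print(diagnose(summarize(SAMPLE_CAPTURE)))
```

The "ike-only-no-data-path" result corresponds to the symptom in the question: the VPN login completes, but no ESP traffic reaches the firewall.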

seokbeelim Thu, 03/29/2007 - 07:07

Hi Gilbert,

Thanks a lot for your reply.

Actually, I'm not the person who set up this Firewall and I have very little knowledge of the PIX Firewall. I would like to confirm the following steps to perform the command you provided:

1) Login (Telnet) to the PIX firewall

2) conf t

3) isakmp nat-traversal 20

4) exit

5) wr mem

Thanks for your advice in advance.

Correct Answer
ggilbert Thu, 03/29/2007 - 09:47

Telnet to PIX firewall.

Go to the enable mode by typing "enable".

Then type "config t".

Follow steps 3 to 5.

Rate this post, if it helps!!

Thanks

Gilbert

seokbeelim Thu, 03/29/2007 - 20:30

Hi Gilbert,

I've followed through all the steps to change the configuration in the PIX firewall. The command does not seem to be working; I've attached a screenshot of the command. Please help.

Correct Answer
ggilbert Fri, 03/30/2007 - 06:06

I guess you fat-fingered the command.

isakmp nat-traversal 20

It's not

isakmp net-traversal 20

Try that out.

Thanks

Gilbert
