VPN Access through different connectivity

Answered Question
Mar 29th, 2007

My company has set up the PIX 506E Firewall to be accessible by users remotely. We have set up groups for access to different servers.

My problem is that when I am connected to the internet via a broadband connection, I am able to log in and access the authorised servers. However, when I am connected to the internet via a 3G connection, I am able to log in to the VPN but unable to communicate with the servers.

When I am connecting via the broadband connection, a dynamic IP is assigned in the range 60.xxx.xxx.xxx. When I log in to the VPN, the secondary IP assigned is 192.168.xxx.xxx, which is my office IP address range.

When I am connecting via the 3G internet connection, the dynamic IP assigned is in the range 10.xxx.xxx.xxx. When I log in to the VPN, I still get the office IP range 192.168.xxx.xxx.

Please advise whether there are any settings that I need to change/configure in the PIX Firewall, or what could be the reason for this problem.


Many thanks in advance.

ggilbert (Cisco Employee) Thu, 03/29/2007 - 06:53

So, when you connect through the 3G internet connection, it seems like you get a 10.x.x.x address, which is being NAT'ed somewhere.

If that is the case, then you might want to see if you are doing NAT-T on the PIX firewall.

isakmp nat-traversal 20

That would be the command to enable, which will allow you to use UDP 4500.


Let me know how that works out.


Thanks

Gilbert

seokbeelim Thu, 03/29/2007 - 07:07

Hi Gilbert,


Thanks a lot for your reply.


Actually, I'm not the person who set up this firewall and I have very little knowledge of the PIX Firewall. I would like to confirm the following steps to perform the command you provided:


1) Login (Telnet) to the PIX firewall

2) conf t

3) isakmp nat-traversal 20

4) exit

5) wr mem


Thanks for your advice in advance.



Correct Answer
ggilbert (Cisco Employee) Thu, 03/29/2007 - 09:47

Telnet to PIX firewall.


Go to the enable mode by typing "enable".

Then type "config t".


Follow steps from 3 to 5




Rate this post, if it helps!!


Thanks

Gilbert

seokbeelim Thu, 03/29/2007 - 20:30

Hi Gilbert,


I've followed through all the steps to change the configuration in the PIX firewall. The command does not seem to be working; I've attached a screenshot of the command. Please help.



Correct Answer
ggilbert (Cisco Employee) Fri, 03/30/2007 - 06:06

I guess you fat-fingered the command.

isakmp nat-traversal 20

It's not


isakmp net-traversal 20




Try that out.


Thanks

Gilbert
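
The diagnosis reached in this thread, written as an added example (not code from the posters or from Cisco): it checks whether a client's pre-VPN adapter address sits behind NAT and whether a saved PIX configuration contains the `isakmp nat-traversal` command. The function names, config excerpts and addresses are constructed for illustration, and the 20-second default for a bare command is an assumption.

```python
import ipaddress
import re

# Constructed PIX 6.x config excerpts (not taken from the thread).
CONFIG_WITHOUT_NAT_T = """\
isakmp enable outside
isakmp identity address
isakmp policy 10 authentication pre-share
"""
CONFIG_WITH_NAT_T = CONFIG_WITHOUT_NAT_T + "isakmp nat-traversal 20\n"

# Matches the command from the thread; the keepalive argument is optional.
NAT_T_RE = re.compile(
    r"^[ \t]*isakmp nat-traversal(?:[ \t]+(\d+))?[ \t]*$", re.MULTILINE
)


def nat_t_keepalive(config):
    """Return the NAT-T keepalive in seconds, or None if NAT-T is not configured."""
    match = NAT_T_RE.search(config)
    if match is None:
        return None
    # Assumption: a bare "isakmp nat-traversal" uses a 20 s default.
    return int(match.group(1)) if match.group(1) else 20


def client_behind_nat(adapter_ip):
    """True when the client's pre-VPN address is not globally routable.

    Covers RFC 1918 ranges such as the 10.x address seen on 3G, and
    carrier-grade NAT space (100.64.0.0/10).
    """
    return not ipaddress.ip_address(adapter_ip).is_global


def diagnose(adapter_ip, config):
    """Classify a remote-access client against the firewall config."""
    if not client_behind_nat(adapter_ip):
        return "ok: client has a public address, NAT-T not needed"
    keepalive = nat_t_keepalive(config)
    if keepalive is None:
        # IKE (UDP 500) still completes, so login works, but ESP has no
        # ports for the NAT device to translate and tunnel traffic is lost.
        return "fail: client is NATed and NAT-T is not enabled"
    return f"ok: NAT-T enabled (UDP 4500, keepalive {keepalive}s)"


if __name__ == "__main__":
    for ip in ("60.1.2.3", "10.1.2.3"):  # constructed addresses
        for name, cfg in (("before", CONFIG_WITHOUT_NAT_T), ("after", CONFIG_WITH_NAT_T)):
            print(ip, name, "->", diagnose(ip, cfg))
```

A mistyped command such as `isakmp net-traversal 20` is rejected by the firewall and never reaches the saved configuration, so the check keeps reporting NAT-T as missing until the correct command is entered and written to memory.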

