03-29-2007 03:23 AM - edited 02-21-2020 01:27 AM
My company has setup the PIX 506E Firewall to be accessible by users remotely. We have setup by grouping to access to different server.
My problem is when I am connected to the internet via a broadband connection, I am able to login and access to authorised servers. However, when I am connecting to the internet via 3G connection, I am able to login to VPN but unable to communicate with the servers.
When I am connecting via broadband connection, a dynamic IP is assigned in the range 60.xxx.xxx.xxx. When I login to VPN, secondary IP assigned is 192.168.xxx.xxx which is my office IP address range.
When I am connecting via 3G internet connection, a dynamic IP assigned is in the range of 10.xxx.xxx.xxx. When I login to VPN, I still got the office IP range 192.168.xxx.xxx.
Please advise whether is there any settings that I need to change/configure in the PIX Firewall or what could be the reason of this problem.
Many thanks in advance.
Solved! Go to Solution.
03-29-2007 09:47 AM
Telnet to PIX firewall.
go to the enable mode by typing "enable"
then type "config t"
Follow steps from 3 to 5
Rate this post, if it helps!!
Thanks
Gilbert
03-30-2007 06:06 AM
I guess, you fat fingered the command.
isakmp nat-traversal 20
its not
isakmp net-traversal 20
Try that out.
Thanks
Gilbert
03-29-2007 06:53 AM
So, when you connect through the 3G internet connection, seems like you get a 10.x.x.x which is being NAT'ted somewhere.
If that is the case, then you might want to see if you are doing NAT-T on the PIX firewall.
isakmp nat-traversal 20
That would be the command to enable which will allow you to use UDP 4500.
Let me know how that works out.
Thanks
Gilbert
03-29-2007 07:07 AM
Hi Gilbert,
Thanks a lot for your reply.
Actually, I'm not the person who setup this Firewall and I have very little knowledge on PIX Firewall. I would like to confirm the following steps to perform the command you provided:
1) Login (Telnet) to the PIX firewall
2) conf t
3) isakmp nat-traversal 20
4) exit
5) wr mem
Thanks for your advise in advance.
03-29-2007 09:47 AM
Telnet to PIX firewall.
go to the enable mode by typing "enable"
then type "config t"
Follow steps from 3 to 5
Rate this post, if it helps!!
Thanks
Gilbert
03-29-2007 08:30 PM
03-30-2007 06:06 AM
I guess, you fat fingered the command.
isakmp nat-traversal 20
its not
isakmp net-traversal 20
Try that out.
Thanks
Gilbert
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: