03-29-2007 03:23 AM - edited 02-21-2020 01:27 AM
My company has setup the PIX 506E Firewall to be accessible by users remotely. We have setup by grouping to access to different server.
My problem is when I am connected to the internet via a broadband connection, I am able to login and access to authorised servers. However, when I am connecting to the internet via 3G connection, I am able to login to VPN but unable to communicate with the servers.
When I am connecting via broadband connection, a dynamic IP is assigned in the range 60.xxx.xxx.xxx. When I login to VPN, secondary IP assigned is 192.168.xxx.xxx which is my office IP address range.
When I am connecting via 3G internet connection, a dynamic IP assigned is in the range of 10.xxx.xxx.xxx. When I login to VPN, I still got the office IP range 192.168.xxx.xxx.
Please advise whether is there any settings that I need to change/configure in the PIX Firewall or what could be the reason of this problem.
Many thanks in advance.
Solved! Go to Solution.
03-29-2007 09:47 AM
Telnet to PIX firewall.
go to the enable mode by typing "enable"
then type "config t"
Follow steps from 3 to 5
Rate this post, if it helps!!
Thanks
Gilbert
03-30-2007 06:06 AM
I guess, you fat fingered the command.
isakmp nat-traversal 20
its not
isakmp net-traversal 20
Try that out.
Thanks
Gilbert
03-29-2007 06:53 AM
So, when you connect through the 3G internet connection, seems like you get a 10.x.x.x which is being NAT'ted somewhere.
If that is the case, then you might want to see if you are doing NAT-T on the PIX firewall.
isakmp nat-traversal 20
That would be the command to enable which will allow you to use UDP 4500.
Let me know how that works out.
Thanks
Gilbert
03-29-2007 07:07 AM
Hi Gilbert,
Thanks a lot for your reply.
Actually, I'm not the person who setup this Firewall and I have very little knowledge on PIX Firewall. I would like to confirm the following steps to perform the command you provided:
1) Login (Telnet) to the PIX firewall
2) conf t
3) isakmp nat-traversal 20
4) exit
5) wr mem
Thanks for your advise in advance.
03-29-2007 09:47 AM
Telnet to PIX firewall.
go to the enable mode by typing "enable"
then type "config t"
Follow steps from 3 to 5
Rate this post, if it helps!!
Thanks
Gilbert
03-29-2007 08:30 PM
03-30-2007 06:06 AM
I guess, you fat fingered the command.
isakmp nat-traversal 20
its not
isakmp net-traversal 20
Try that out.
Thanks
Gilbert
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide