Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
476
Views
0
Helpful
5
Replies

VPN Access through different connectivity

Go to solution
seokbeelim
Level 1
Level 1

‎03-29-2007 03:23 AM - edited ‎02-21-2020 01:27 AM

My company has setup the PIX 506E Firewall to be accessible by users remotely. We have setup by grouping to access to different server.

My problem is when I am connected to the internet via a broadband connection, I am able to login and access to authorised servers. However, when I am connecting to the internet via 3G connection, I am able to login to VPN but unable to communicate with the servers.

When I am connecting via broadband connection, a dynamic IP is assigned in the range 60.xxx.xxx.xxx. When I login to VPN, secondary IP assigned is 192.168.xxx.xxx which is my office IP address range.

When I am connecting via 3G internet connection, a dynamic IP assigned is in the range of 10.xxx.xxx.xxx. When I login to VPN, I still got the office IP range 192.168.xxx.xxx.

Please advise whether is there any settings that I need to change/configure in the PIX Firewall or what could be the reason of this problem.

Many thanks in advance.

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
ggilbert
Cisco Employee
Cisco Employee
In response to seokbeelim

‎03-29-2007 09:47 AM

Telnet to PIX firewall.

go to the enable mode by typing "enable"

then type "config t"

Follow steps from 3 to 5

Rate this post, if it helps!!

Thanks

Gilbert

View solution in original post

0 Helpful

Go to solution
ggilbert
Cisco Employee
Cisco Employee
In response to seokbeelim

‎03-30-2007 06:06 AM

I guess, you fat fingered the command.

isakmp nat-traversal 20

its not

isakmp net-traversal 20

Try that out.

Thanks

Gilbert

View solution in original post

0 Helpful
5 Replies 5

Go to solution
ggilbert
Cisco Employee
Cisco Employee

‎03-29-2007 06:53 AM

So, when you connect through the 3G internet connection, seems like you get a 10.x.x.x which is being NAT'ted somewhere.

If that is the case, then you might want to see if you are doing NAT-T on the PIX firewall.

isakmp nat-traversal 20

That would be the command to enable which will allow you to use UDP 4500.

Let me know how that works out.

Thanks

Gilbert

0 Helpful

Go to solution
seokbeelim
Level 1
Level 1
In response to ggilbert

‎03-29-2007 07:07 AM

Hi Gilbert,

Thanks a lot for your reply.

Actually, I'm not the person who setup this Firewall and I have very little knowledge on PIX Firewall. I would like to confirm the following steps to perform the command you provided:

1) Login (Telnet) to the PIX firewall

2) conf t

3) isakmp nat-traversal 20

4) exit

5) wr mem

Thanks for your advise in advance.

0 Helpful

Go to solution
ggilbert
Cisco Employee
Cisco Employee
In response to seokbeelim

‎03-29-2007 09:47 AM

Telnet to PIX firewall.

go to the enable mode by typing "enable"

then type "config t"

Follow steps from 3 to 5

Rate this post, if it helps!!

Thanks

Gilbert

0 Helpful

Go to solution
seokbeelim
Level 1
Level 1
In response to ggilbert

‎03-29-2007 08:30 PM

Hi Gilbert,

I've followed through all the steps to change the configuration in PIX firewall. The command seems not working, I've attached the command screen shot. Please help.

Preview file
41 KB
0 Helpful

Go to solution
ggilbert
Cisco Employee
Cisco Employee
In response to seokbeelim

‎03-30-2007 06:06 AM

I guess, you fat fingered the command.

isakmp nat-traversal 20

its not

isakmp net-traversal 20

Try that out.

Thanks

Gilbert

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card