Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
267
Views
0
Helpful
2
Replies

ipsec vpn and pix 515e

ericheades
Level 1
Level 1

‎11-06-2007 07:55 AM - edited ‎02-21-2020 03:21 PM

I have a network behind a 515e pix, and I need to get multiple users to connect out to a remote ipsec vpn, but I am having trouble doing it. I think that I have done everything correctly, including the configuration of nat-t, but the client software (IBM global client) always fails on key negotiation. According to the vpn provider, the error that comes up refers to a firewall error. This pix is also a vpn endpoint for multiple site to site vpns. Is that causing a problem? Also, do I need multiple ip addresses to do this, or am I fine using pat.

Thanks

Eric Eades

Labels:
0 Helpful
2 Replies 2

ebreniz
Level 6
Level 6

‎11-13-2007 11:11 AM

You can resolve this issue by - port address translation. The only workaround to support multiple concurrent user is to have

them assigned to different groups using different UDP ports. VPN Client GUI Error Lookup Tool:

http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_tech_note09186a00801f253d.shtml

0 Helpful

srue
Level 7
Level 7
In response to ebreniz

‎11-13-2007 11:36 AM

if your pix is running 7.x or newer, you can enable ipsec inspection.

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/i2_72.html#wp1668213

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents