IPsec client connection

Unanswered Question
Jan 30th, 2008

I have set up an IPsec VPN client connection to a PIX515 firewall pair. It works as expected in most respects: I can gain access to all devices on the internal network, except the active firewall. I can ping the inside address, but not telnet, ssh or asdm.


The PIX is running 8.0(3) software. I have checked the nat0 access list and it looks fine. I have confirmed that "management-access inside" has been configured.


When I try and connect (ssh) I get the following error messages (sanitised), but cannot find any information on NP Identity.


Jan 30 2008 16:46:16: %PIX-6-302013: Built inbound TCP connection 760 for outside:10.20.1.226/2800 (10.20.1.226/2800) to NP Identity Ifc:10.20.1.253/22 (10.20.1.253/22) (userid)

Jan 30 2008 16:46:16: %PIX-6-302014: Teardown TCP connection 760 for outside:10.20.1.226/2800 to NP Identity Ifc:10.20.1.253/22 duration 0:00:00 bytes 0 Flow terminated by TCP Intercept (userid)

Jan 30 2008 16:46:16: %PIX-6-302013: Built inbound TCP connection 761 for outside:10.20.1.226/2800 (10.20.1.226/2800) to NP Identity Ifc:10.20.1.253/22 (10.20.1.253/22) (userid)


10.20.1.226 is the pool allocated VPN address.

10.20.1.253 is the inside address of the firewall.


I have recently set up a very similar configuration on an ASA device, running the same software versions, and it works fine.


Suggestions appreciated.

mark.j.hodge Wed, 01/30/2008 - 08:53

Jorge,


Statement is already there.


Mark

mark.j.hodge Wed, 01/30/2008 - 09:35

I tried removing it, and the behaviour changes slightly: without the management-access statement the ssh session closes immediately; with it the session hangs.
