IPsec client connection

Unanswered Question
Jan 30th, 2008

I have setup a IPsec VPN Client connection to a PIX515 Firewall pair. It works as expected in most respects, I can gain access to all devices on the internel network, except the active firewall. I can ping the inside address, but not telnet,ssh or asdm.

The PIX is running 8.0(3) software, I have checked the nat0 access list and it looks fine. I have confirmed that "management-access inside" has been configured.

When I try and connect (ssh) I get the following error messages (sanitised), but cannot find any information on NP Identity.

Jan 30 2008 16:46:16: %PIX-6-302013: Built inbound TCP connection 760 for outside:10.20.1.226/2800 (10.20.1.226/2800) to NP Identity Ifc:10.20.1.253/22 (10.20.1.253/22) (userid)

Jan 30 2008 16:46:16: %PIX-6-302014: Teardown TCP connection 760 for outside:10.20.1.226/2800 to NP Identity Ifc:10.20.1.253/22 duration 0:00:00 bytes 0 Flow terminated by TCP Intercept (userid)

Jan 30 2008 16:46:16: %PIX-6-302013: Built inbound TCP connection 761 for outside:10.20.1.226/2800 (10.20.1.226/2800) to NP Identity Ifc:10.20.1.253/22 (10.20.1.253/22) (userid)

10.20.1.226 is the pool allocated VPN address.

10.20.1.253 is the inside address of the firewall.

I have recently setup a very similar configuration, on an ASA device, running the same software versions and it works fine.

Suggestions appreciated.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
mark.j.hodge Wed, 01/30/2008 - 09:35

I tried removing it, and the behaviour changes slightly, without the management-access statement the ssh session closes immediately, with it the session hangs.

Actions

This Discussion