No Inside Access When VPN'd Into PIX from Behind Linksys Router


Hello, everyone. I have a PIX VPN/firewall that works great for providing VPN access from behind other NAT'd firewalls (Apple AirPort, Cisco PIX), but when I try to VPN from behind a Linksys WRT54G (firmware 8.0.0.2), I can authenticate the IPSec connection, but can't see any clients on the remote network. I have VPN passthrough enabled on the Linksys, and wouldn't think it would be something in my PIX config, but thought I'd post it here and see what you all thought.

Many thanks!

ajagadee Mon, 02/04/2008 - 13:00

Can you post the output of "show crypto ipsec sa" for this specific VPN client session after you connect to the PIX and are not able to ping the internal network?

Also, what do you see under packet encrypts and decrypts on the client? Do you see packets being sent and not received?

Regards,

Arul

** Please rate all helpful posts **

kbilbee Wed, 02/06/2008 - 19:23

I am having the same issue. Here is a

The packets under statistics:

Encrypted: 164 and rising
Decrypted: 0
Discarded: 4
Bypassed: 97 and rising

Crypto map tag: cisco, seq num: 1, local addr: 192.168.200.253

  local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
  remote ident (addr/mask/prot/port): (169.14.133.63/255.255.255.255/0/0)
  current_peer: 192.168.200.26, username: kevinbilbee
  dynamic allocated peer ip: 169.14.133.63

  #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
  #pkts decaps: 79, #pkts decrypt: 79, #pkts verify: 79
  #pkts compressed: 0, #pkts decompressed: 0
  #pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
  #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
  #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
  #send errors: 0, #recv errors: 0

  local crypto endpt.: 192.168.200.253, remote crypto endpt.: 192.168.200.2

  path mtu 1500, ipsec overhead 58, media mtu 1500
  current outbound spi: 75046F60

  inbound esp sas:
    spi: 0xE54F6DE0 (3847187936)
      transform: esp-3des esp-md5-hmac none
      in use settings ={RA, Tunnel, }
      slot: 0, conn_id: 6, crypto-map: cisco
      sa timing: remaining key lifetime (sec): 28740
      IV size: 8 bytes
      replay detection support: Y

  outbound esp sas:
    spi: 0x75046F60 (1963224928)
      transform: esp-3des esp-md5-hmac none
      in use settings ={RA, Tunnel, }
      slot: 0, conn_id: 6, crypto-map: cisco
      sa timing: remaining key lifetime (sec): 28739
      IV size: 8 bytes
      replay detection support: Y

kbilbee Wed, 02/06/2008 - 19:37

I figured out my issue; it was an access-list issue. I had a typographical error.

Arrrrgggggg!!!!
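The counter comparison requested earlier in this thread can be automated. The following is an added example, not part of the original thread or any Cisco tooling: it parses the counter lines of "show crypto ipsec sa" output and flags a tunnel that is passing traffic in only one direction. The function names `parse_sa` and `diagnose` and the sample text (a subset of the output posted above) are constructed for illustration.

```python
import re

# Constructed sample: a subset of the "show crypto ipsec sa" lines posted
# in the thread, enough to carry the peer and its packet counters.
SAMPLE = """\
Crypto map tag: cisco, seq num: 1, local addr: 192.168.200.253
current_peer: 192.168.200.26, username: kevinbilbee
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 79, #pkts decrypt: 79, #pkts verify: 79
#send errors: 0, #recv errors: 0
"""

# "#name: value" pairs; names may contain spaces and hyphens (#pre-frag ...).
COUNTER = re.compile(r"#([A-Za-z\- ]+?):\s*(\d+)")
PEER = re.compile(r"current_peer:\s*([\d.]+)")


def parse_sa(text):
    """Return one dict per peer: {'peer': ip, '<counter name>': int, ...}."""
    sas, current = [], None
    for line in text.splitlines():
        peer = PEER.search(line)
        if peer:
            current = {"peer": peer.group(1)}
            sas.append(current)
        elif current is not None:
            for name, value in COUNTER.findall(line):
                current[name.strip()] = int(value)
    return sas


def diagnose(sa):
    """Classify traffic direction from the gateway's point of view."""
    encaps = sa.get("pkts encaps", 0)
    decaps = sa.get("pkts decaps", 0)
    if decaps > 0 and encaps == 0:
        return "one-way: gateway decrypts client traffic but encrypts no replies"
    if encaps > 0 and decaps == 0:
        return "one-way: gateway encrypts traffic but decrypts nothing from client"
    if encaps == 0 and decaps == 0:
        return "idle: no traffic in either direction"
    return "two-way"


if __name__ == "__main__":
    for sa in parse_sa(SAMPLE):
        print(sa["peer"], "->", diagnose(sa))
```

On the output posted here the result is the first case, which matches the client-side statistics (packets encrypted, none decrypted): the gateway receives the client's traffic, but replies never enter the tunnel, so the gateway's access lists and return routing are the place to look.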
