VPN Prob..

Unanswered Question
Feb 12th, 2008

I have a Cisco PIX 515E firewall which I have config.. VPN on. The VPN has been working with no prob.. for the past 3 years, but now I am getting a prob..: when I connect to the VPN it connects, but I can't ping any server any more. When I look in the stat.. I see that I am only sending packets but not receiving any packets, which is 0.

Can anyone tell me why this is so?

JORGE RODRIGUEZ Tue, 02/12/2008 - 21:47

Could you post your configuration, or verify whether crypto isakmp nat-traversal exists in your configuration? If not, add the statement and try it; if that does not resolve it, please post the config.



JORGE RODRIGUEZ Thu, 02/14/2008 - 21:05

In the CLI, issue:

show run | inc isakmp

You should see a line statement such as isakmp nat-traversal 20

If you do not have it in the config, try adding it as below and see if it resolves the problem.

PIX(config)#crypto isakmp nat-traversal



s_mcanuff Fri, 02/15/2008 - 05:37

Jorge; Thanks for your help, however can u just explain that command? if that is not too much for u

JORGE RODRIGUEZ Fri, 02/15/2008 - 08:26

Shane, this command may or may not resolve your issue; however, this statement is among the troubleshooting steps when it comes to IPsec RA tunnels. What this command does, when enabled, is allow VPN traffic to pass through NAT/PAT devices that may be encountered between the source VPN client and your VPN server endpoint PIX/ASA. In many cases when this is disabled, the VPN client may successfully authenticate and connect, but access to the internal network behind the firewall is not possible.

In other words, NAT traversal makes both ends automatically determine whether there are any NAT/PAT devices in the path. Since you asked what this does, here is a good article on it: http://technet.microsoft.com/en-us/library/bb878090.aspx

Let's help resolve your problem.
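
The detection described in the reply above, as an added example that is not part of the original thread: a Python sketch of the NAT-D hash comparison from RFC 3947, which is how IKE peers notice a NAT/PAT device in the path and switch ESP to UDP port 4500. The cookies, addresses and function names are constructed for illustration.

```python
import hashlib
import ipaddress
import struct

def nat_d_hash(cky_i, cky_r, ip, port, algo="sha1"):
    """RFC 3947 NAT-D payload: HASH(CKY-I | CKY-R | IP | Port)."""
    packed = ipaddress.ip_address(ip).packed + struct.pack("!H", port)
    return hashlib.new(algo, cky_i + cky_r + packed).digest()

def build_nat_d(cky_i, cky_r, local, remote):
    """Payloads a peer sends: hash of the remote end first, then of itself."""
    return [nat_d_hash(cky_i, cky_r, *remote), nat_d_hash(cky_i, cky_r, *local)]

def detect_nat(cky_i, cky_r, payloads, seen_src, seen_dst):
    """Receiver compares the hashes with the addresses the packet arrived with."""
    dst_hash, src_hashes = payloads[0], payloads[1:]
    return {
        # First hash covers the receiver; a mismatch means its address was rewritten.
        "receiver_behind_nat": dst_hash != nat_d_hash(cky_i, cky_r, *seen_dst),
        # Remaining hashes cover the sender; no match means the sender is NATed.
        "sender_behind_nat": nat_d_hash(cky_i, cky_r, *seen_src) not in src_hashes,
    }

def transport(result):
    """Plain ESP has no ports for PAT to track, so NAT in the path means UDP 4500."""
    nat = result["receiver_behind_nat"] or result["sender_behind_nat"]
    return "ESP-in-UDP/4500" if nat else "ESP (IP protocol 50)"

# Constructed sample values (documentation address ranges, made-up cookies).
CKY_I = bytes.fromhex("0102030405060708")
CKY_R = bytes.fromhex("1112131415161718")
CLIENT = ("192.168.1.10", 500)      # VPN client's own view of itself
PAT_OUTSIDE = ("203.0.113.7", 1024)  # what a PAT router rewrites the source to
PIX = ("198.51.100.1", 500)          # VPN endpoint

def scenario(seen_src):
    """Client sends NAT-D payloads; the endpoint checks them against seen_src."""
    payloads = build_nat_d(CKY_I, CKY_R, local=CLIENT, remote=PIX)
    return detect_nat(CKY_I, CKY_R, payloads, seen_src=seen_src, seen_dst=PIX)

if __name__ == "__main__":
    for label, src in (("direct", CLIENT), ("via PAT", PAT_OUTSIDE)):
        result = scenario(src)
        print(label, result, "->", transport(result))
```

If the endpoint does not take part in this exchange, the tunnel can still come up over UDP 500 while the plain ESP data packets are dropped at the PAT device, which matches the symptom of sending packets and receiving none.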



s_mcanuff Fri, 02/15/2008 - 18:07

Jorge, thanks a lot for your help. It is working now; when I test it I can access the LAN now.

JORGE RODRIGUEZ Fri, 02/15/2008 - 20:09

Shane, thank you for posting the update, and glad it is working. Please rate the post if it did help.

Best Rgds


