VPN client can't ping remote site going thru local PIX

I just upgraded from a PIX 506e v6.3(5) to a PIX 515e with v8.0(3) in my home office. Unfortunately, I'm no longer able to use the Cisco VPN client to ping or RDP to remote locations. On my previous 506e, I was able to connect from my house going through the 506e and terminate a VPN session on the customer PIX or ASA devices. From there, I was able to ping or RDP to servers and workstations. On my previous 506e, I enabled esp-ike under the fixup protocols and used an ACL for esp, isakmp, and ipsec. Now that I have a 515e with 8.0(3), esp-ike is no longer a supported command, so I added NAT-T and verified the VPN client transport tab was set to use IPsec over UDP. I've tried everything I could read through on the support forums and still no luck. What am I missing? Or is this impossible to go through a local PIX to a remote PIX using a VPN client? I do not want to use the Easy VPN options as I provide remote server support for over a dozen business customers. Any help would be greatly appreciated.

JORGE RODRIGUEZ Mon, 08/25/2008 - 17:13

Add this to your global policy for IPsec pass-through so the Cisco VPN Client is able to VPN outbound from behind the PIX/ASA appliance.

IPsec-Cisco-VPN-CLIENT pass through

ciscoasa(config)# policy-map global_policy

ciscoasa(config-pmap)# class inspection_default

ciscoasa(config-pmap-c)# inspect ipsec-pass-thru


Save the config and try to VPN, and let us know how it works out.

Some additional info for IPsec pass-through inspection.
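
Added example, not part of the original reply: a Python check that a saved PIX/ASA running-config has `inspect ipsec-pass-thru` under `class inspection_default` of `policy-map global_policy`, and that the policy is applied globally. The sample config text and the function names are constructed for illustration, and the parser assumes the usual indented `show running-config` layout.

```python
# Constructed sample of a saved running-config excerpt (not from the thread).
SAMPLE_CONFIG = """\
class-map inspection_default
 match default-inspection-traffic
!
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect ipsec-pass-thru
!
service-policy global_policy global
"""

def inspections(config_text, policy="global_policy", cls="inspection_default"):
    """Return the inspect engines configured under the given policy-map/class."""
    found, in_policy, in_class = set(), False, False
    for raw in config_text.splitlines():
        words = raw.split()
        if not words:
            continue
        if not raw[0].isspace():
            # Any top-level line (including '!') starts a new block.
            in_policy = words[:2] == ["policy-map", policy]
            in_class = False
        elif in_policy and words[0] == "class":
            in_class = words[1:2] == [cls]
        elif in_policy and in_class and words[0] == "inspect" and len(words) > 1:
            found.add(words[1])
    return found

def applied_globally(config_text, policy="global_policy"):
    """True if 'service-policy <policy> global' is present."""
    return any(line.split() == ["service-policy", policy, "global"]
               for line in config_text.splitlines())

def audit(config_text):
    """Summarise the two conditions the fix in this thread depends on."""
    return {
        "ipsec_pass_thru": "ipsec-pass-thru" in inspections(config_text),
        "policy_applied_globally": applied_globally(config_text),
    }

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```
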




