Remote VPN on PIX 515 problem...

123456miha
Level 1

Hello

I have a problem with my PIX firewall.

I configured a Remote VPN server by the ASDM wizard. It was my first try in configuring such type of service.

Now, when I try to connect to the PIX from the outside (using the Cisco VPN client for Windows and a GPRS connection), the VPN session starts perfectly, I mean that the client gets an IP from the pool, and in the routing table I have all the needed routes. But pinging any IP in the private network fails.

Split tunneling is off, but I can still ping the PIX `outside` interface from the web.

In ASDM monitoring I can see the Remote VPN session, but can't ping an external host.

2 Replies

JORGE RODRIGUEZ
Level 10

Hello Mikhail,

Go over this link.

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml#Solution1

But pinging of any IP in the private network fails

Enable NAT-T

PIX/ASA 7.1 and earlier

pix(config)#isakmp nat-traversal 20

PIX/ASA 7.2(1) and later

securityappliance(config)#crypto isakmp nat-traversal 20

As for ICMP outbound, you probably need to do a couple of things.

ICMP inspection: go over this link for allowing ICMP outbound.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml

As for the VPN network being able to send internet traffic or ping outbound: it will go out the same interface it came in on, so you need the same-security intra-interface command statement in the firewall and a nat (outside) rule.

i.e. - to PAT your VPN network using outside interface #1

same-security-traffic permit intra-interface

nat (outside) 1

Go over this link

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805734ae.shtml

If there are issues, let us know

Regards

Jorge Rodriguez
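A consolidated PIX/ASA 7.2(1)+ configuration showing how the pieces in this reply fit together (an added example, not from the original thread; the pool name and the 192.168.100.0/24 range are constructed, and global_policy / inspection_default are assumed to be the default policy-map names):

```cisco
! Assumed address pool handed out to remote VPN clients (constructed example)
ip local pool VPN_POOL 192.168.100.1-192.168.100.50 mask 255.255.255.0

! NAT traversal: encapsulate ESP in UDP/4500 so IPsec survives a NAT device
! between the client and the PIX (keepalive every 20 seconds)
crypto isakmp nat-traversal 20

! Allow traffic that entered the outside interface to leave through it again
! (VPN clients reaching the internet without split tunneling)
same-security-traffic permit intra-interface

! PAT the VPN pool behind the outside interface address when it hairpins out
nat (outside) 1 192.168.100.0 255.255.255.0
global (outside) 1 interface

! Stateful ICMP inspection so echo replies are allowed back in
policy-map global_policy
 class inspection_default
  inspect icmp

! Verification once a client is connected
show crypto isakmp sa
show crypto ipsec sa
show xlate
```

The `show xlate` output should list a translation for the client's pool address once it sends traffic out through the outside interface.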

Thanks... but now I've discovered another problem

First of all, all works fine... Probably the first faults were because something was wrong with the Cisco VPN Client. I've downloaded another one and it works fine, even without NAT-T. I am using a GPRS connection and I think that NAT isn't so necessary.

But all works fine only in Windows. When I'm trying to use the Linux Cisco VPN client, the system crashes.

While the connection is being established all goes fine, the system gets an IP address from the pool, a nameserver and domain appear in /etc/resolv.conf, but if I try to connect to any host in the private network the system freezes and only the power button helps.
