×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

VPN Client 3.1 behind PAT/FW with IPSEC to PIX 6.1

Unanswered Question
Jan 10th, 2002
User Badges:

Has anyone got the vpn client to work with a pix with the client behind a firewall? It appears the client/pix will not negotiate to use esp/udp. (I have the udp box checked). So, far from what I have found on the Internet is that the client will not work with a PIX if the client is behind a FW because the PIX has to tell the client to use UDP. Is there some setting on the PIX that will tell the client to use udp?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
s.buskus Fri, 01/11/2002 - 08:27
User Badges:

If your client is behind a firewall it will not work unless you create a static map for the client IP on the firewall. The pix does not support UDP passthrough. It would be nice to know if there are any plans for the PIX to support UDP passthrough. Otherwise the VPN client with the PIX is useless.

HEATH FREEL Fri, 04/26/2002 - 04:55
User Badges:

You can never ping the inside interface of a pix from the outside.

marcusl Sun, 01/13/2002 - 07:48
User Badges:

There is afaik no way to get esp/udp to work but to use the VPN concentrator instead.

However, there is a walk-around.

It's possible to use PPTP in this scenario, PPTP is (imho) not nearly as good or useful as IPSec but it will save your a*s since you can still establish connectivity from the client behind the firewall with the exisiting equipment :-)

The reason why the UDP checkbox is even present (since it won't work) is due to the fact that it is the same client that is used with the VPN 3000 (which supports this scenario).

/M

s.buskus Fri, 04/26/2002 - 05:31
User Badges:

Both the PIX and Router IOS do not support UDP pass-through. I was told by Cisco they expect the IOS 12.2.14 to have this feature. I'm not sure when PIX will support it.

Actions

This Discussion