×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Cisco VPN behind Pix 515

Unanswered Question
Nov 13th, 2002
User Badges:

We have a Pix 515. We want ot VPN into other customers with the 3.62 client. The IPSec connection completes but we cannot ping or access any hosts on the remote network. Is there anything that needs to be done on the pix to allow this? I am using NAT for the hosts that need to do this so I have a static mapping between a priv and pub address.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
kdurrett Fri, 11/15/2002 - 17:41
User Badges:

Are you getting encrypts on your client? Do you know if your getting decrypts/and or encrypts on the remote pix? Finding this out will help figure out which side the problem is on. You will need an access-list on your pix permiting esp from the remote network to your static public ip address.


Kurtis Durrett

exigent Fri, 11/15/2002 - 19:18
User Badges:

Kurtis,


Interesting. I will have to check this out on Monday. I'll let you know. Thanks!

exigent Wed, 11/27/2002 - 12:50
User Badges:

Kurtis,


The ESP did it! Thank you very much!!! I did a access-list out permit esp any any.


I really appreciate it!


Sincerely,


Alex


anavarro Fri, 11/15/2002 - 23:04
User Badges:

If your PATing it will not work. You must have a one to one nated address in order to be able to vpn from the inside going out through pix. If you customer has a vpn concentrator he could set it up to allow ipsec through tcp and that would work fine.

Actions

This Discussion