Cisco VPN behind Pix 515

exigent
Level 1

We have a Pix 515. We want to VPN into other customers with the 3.62 client. The IPSec connection completes but we cannot ping or access any hosts on the remote network. Is there anything that needs to be done on the pix to allow this? I am using NAT for the hosts that need to do this so I have a static mapping between a priv and pub address.

6 Replies

kdurrett
Level 3

Are you getting encrypts on your client? Do you know if you're getting decrypts and/or encrypts on the remote pix? Finding this out will help figure out which side the problem is on. You will need an access-list on your pix permitting esp from the remote network to your static public ip address.

Kurtis Durrett

Kurtis,

Interesting. I will have to check this out on Monday. I'll let you know. Thanks!

What did you find out?

Kurtis,

The ESP did it! Thank you very much!!! I did an access-list out permit esp any any.

I really appreciate it!

Sincerely,

Alex

anavarro
Level 1

If you're PATing it will not work. You must have a one-to-one NATed address in order to be able to VPN from the inside going out through the PIX. If your customer has a VPN concentrator he could set it up to allow IPsec through TCP and that would work fine.

I'm definitely doing NAT.
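
Added example, not part of the thread: the broad rule that resolved the problem, beside a narrower form that follows the earlier advice to permit ESP only from the remote network to the static public address. All addresses are placeholders from documentation ranges, and the interface names `inside` and `outside` are assumed; only the ACL name `out` comes from the thread.

```text
: One-to-one static for the inside VPN client host
: (placeholder addresses: 192.0.2.10 public, 10.1.1.10 private)
static (inside,outside) 192.0.2.10 10.1.1.10 netmask 255.255.255.255

: Broad rule as used in the thread: ESP from any source to any translated host
access-list out permit esp any any

: Narrower alternative: ESP only from the customer's VPN peer
: (placeholder 198.51.100.20) to the static public address
access-list out permit esp host 198.51.100.20 host 192.0.2.10

: Apply the ACL to traffic arriving on the outside interface
access-group out in interface outside
```

With several customer gateways, add one `permit esp host <peer> host <public>` line per peer rather than falling back to `any any`.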
