Cisco Support Community

IPsec client connection

I have set up an IPsec VPN Client connection to a PIX515 Firewall pair. It works as expected in most respects: I can gain access to all devices on the internal network, except the active firewall. I can ping the inside address, but not telnet, ssh or asdm.

The PIX is running 8.0(3) software, I have checked the nat0 access list and it looks fine. I have confirmed that "management-access inside" has been configured.

When I try and connect (ssh) I get the following error messages (sanitised), but cannot find any information on NP Identity.

Jan 30 2008 16:46:16: %PIX-6-302013: Built inbound TCP connection 760 for outside: ( to NP Identity Ifc: ( (userid)

Jan 30 2008 16:46:16: %PIX-6-302014: Teardown TCP connection 760 for outside: to NP Identity Ifc: duration 0:00:00 bytes 0 Flow terminated by TCP Intercept (userid)

Jan 30 2008 16:46:16: %PIX-6-302013: Built inbound TCP connection 761 for outside: ( to NP Identity Ifc: ( (userid)

is the pool allocated VPN address. is the inside address of the firewall.

I have recently set up a very similar configuration on an ASA device, running the same software versions, and it works fine.

Suggestions appreciated.
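The build/teardown pairs quoted above can be correlated mechanically. The following is an added example, not part of the original post: it pairs 302013 and 302014 messages by connection ID and reports connections addressed to the firewall itself (destination interface "NP Identity Ifc") that were torn down with 0 bytes. The sample addresses and ports are constructed, since the poster's logs were sanitised, and the address/port layout assumes the usual 302013/302014 message format.

```python
import re

# Constructed sample lines: addresses and ports are placeholders, not values
# from the thread. Connection 770 is a constructed healthy session for contrast.
SAMPLE_LOG = """\
Jan 30 2008 16:46:16: %PIX-6-302013: Built inbound TCP connection 760 for outside:10.99.0.5/1045 (10.99.0.5/1045) to NP Identity Ifc:192.168.1.1/22 (192.168.1.1/22) (userid)
Jan 30 2008 16:46:16: %PIX-6-302014: Teardown TCP connection 760 for outside:10.99.0.5/1045 to NP Identity Ifc:192.168.1.1/22 duration 0:00:00 bytes 0 Flow terminated by TCP Intercept (userid)
Jan 30 2008 16:46:20: %PIX-6-302013: Built inbound TCP connection 770 for outside:10.99.0.5/1050 (10.99.0.5/1050) to inside:192.168.1.20/22 (192.168.1.20/22) (userid)
Jan 30 2008 16:46:31: %PIX-6-302014: Teardown TCP connection 770 for outside:10.99.0.5/1050 to inside:192.168.1.20/22 duration 0:00:11 bytes 4312 TCP FINs (userid)
"""

# 302013 = connection built, 302014 = connection torn down (PIX or ASA prefix).
BUILT = re.compile(
    r"%(?:PIX|ASA)-6-302013: Built (?:inbound|outbound) TCP connection (?P<id>\d+) "
    r"for (?P<src_if>[^:]+):(?P<src>\S+) \(\S+\) to (?P<dst_if>[^:]+):(?P<dst>\S+) \(\S+\)")
TEARDOWN = re.compile(
    r"%(?:PIX|ASA)-6-302014: Teardown TCP connection (?P<id>\d+) for .*? "
    r"duration (?P<duration>\S+) bytes (?P<bytes>\d+) (?P<reason>.*?)(?: \(\S+\))?$")

def zero_byte_to_box(log_text):
    """Return to-the-firewall connections that ended without carrying any data."""
    built, findings = {}, []
    for line in log_text.splitlines():
        m = BUILT.search(line)
        if m:
            built[m["id"]] = m.groupdict()
            continue
        m = TEARDOWN.search(line)
        if not m or m["id"] not in built:
            continue  # not a teardown, or a teardown whose build we never saw
        conn = built.pop(m["id"])
        if conn["dst_if"] == "NP Identity Ifc" and int(m["bytes"]) == 0:
            findings.append({"id": m["id"], "src": conn["src"],
                             "dst": conn["dst"], "reason": m["reason"]})
    return findings

if __name__ == "__main__":
    for f in zero_byte_to_box(SAMPLE_LOG):
        print(f"conn {f['id']}: {f['src']} -> {f['dst']} torn down with 0 bytes ({f['reason']})")
```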


Re: IPsec client connection

Hi Mark,

Try adding the statement

management-access inside

It should provide for firewall management over the IPsec tunnel; see if that helps.



Re: IPsec client connection


The statement is already there.


Re: IPsec client connection

I tried removing it, and the behaviour changes slightly: without the management-access statement the ssh session closes immediately; with it the session hangs.