Cisco Support Community

IPsec client connection

I have set up an IPsec VPN Client connection to a PIX515 Firewall pair. It works as expected in most respects; I can gain access to all devices on the internal network, except the active firewall. I can ping the inside address, but not telnet, ssh or asdm.

The PIX is running 8.0(3) software, I have checked the nat0 access list and it looks fine. I have confirmed that "management-access inside" has been configured.

When I try and connect (ssh) I get the following error messages (sanitised), but cannot find any information on NP Identity.

Jan 30 2008 16:46:16: %PIX-6-302013: Built inbound TCP connection 760 for outside:10.20.1.226/2800 (10.20.1.226/2800) to NP Identity Ifc:10.20.1.253/22 (10.20.1.253/22) (userid)

Jan 30 2008 16:46:16: %PIX-6-302014: Teardown TCP connection 760 for outside:10.20.1.226/2800 to NP Identity Ifc:10.20.1.253/22 duration 0:00:00 bytes 0 Flow terminated by TCP Intercept (userid)

Jan 30 2008 16:46:16: %PIX-6-302013: Built inbound TCP connection 761 for outside:10.20.1.226/2800 (10.20.1.226/2800) to NP Identity Ifc:10.20.1.253/22 (10.20.1.253/22) (userid)

10.20.1.226 is the pool allocated VPN address.

10.20.1.253 is the inside address of the firewall.

I have recently set up a very similar configuration on an ASA device running the same software versions, and it works fine.

Suggestions appreciated.
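
The log lines above can be correlated by connection ID to see what happened to each attempt aimed at the firewall itself ("NP Identity Ifc" is the name PIX/ASA syslog uses for the device's own to-the-box interface). The following is an added example, not part of the original post or Cisco's tooling; the function names are hypothetical, and accepting an `%ASA-` prefix as well as `%PIX-` goes beyond the lines shown.

```python
import re

# The three syslog lines posted in the thread above, verbatim (sanitised by the poster).
SAMPLE_LOG = """\
Jan 30 2008 16:46:16: %PIX-6-302013: Built inbound TCP connection 760 for outside:10.20.1.226/2800 (10.20.1.226/2800) to NP Identity Ifc:10.20.1.253/22 (10.20.1.253/22) (userid)
Jan 30 2008 16:46:16: %PIX-6-302014: Teardown TCP connection 760 for outside:10.20.1.226/2800 to NP Identity Ifc:10.20.1.253/22 duration 0:00:00 bytes 0 Flow terminated by TCP Intercept (userid)
Jan 30 2008 16:46:16: %PIX-6-302013: Built inbound TCP connection 761 for outside:10.20.1.226/2800 (10.20.1.226/2800) to NP Identity Ifc:10.20.1.253/22 (10.20.1.253/22) (userid)
"""

TO_THE_BOX = "NP Identity Ifc"  # interface name logged for traffic to the firewall itself

BUILT = re.compile(
    r"%(?:PIX|ASA)-6-302013: Built (?P<direction>\w+) TCP connection (?P<id>\d+) for "
    r"(?P<src_if>[^:]+):(?P<src>[\d.]+)/(?P<sport>\d+) \(\S+\) to "
    r"(?P<dst_if>[^:]+):(?P<dst>[\d.]+)/(?P<dport>\d+)")
TEARDOWN = re.compile(
    r"%(?:PIX|ASA)-6-302014: Teardown TCP connection (?P<id>\d+) for .+ "
    r"duration (?P<duration>[\d:]+) bytes (?P<bytes>\d+) ?(?P<reason>.*?)(?: \(\w+\))?$")


def to_the_box_connections(log_text):
    """Pair Built/Teardown messages by connection ID; keep flows to the firewall itself."""
    conns = {}
    for line in log_text.splitlines():
        m = BUILT.search(line)
        if m:
            conns[m["id"]] = {**m.groupdict(), "state": "open", "bytes": None, "reason": None}
            continue
        m = TEARDOWN.search(line)
        if m and m["id"] in conns:
            conns[m["id"]].update(state="closed", bytes=int(m["bytes"]),
                                  reason=m["reason"] or None)
    return [c for c in conns.values() if c["dst_if"] == TO_THE_BOX]


def describe(conn):
    """One-line verdict for a correlated connection record."""
    if conn["state"] == "open":
        return "built, no teardown in this excerpt"
    if conn["bytes"] == 0:
        return f"torn down with 0 bytes: {conn['reason']}"
    return f"closed after {conn['bytes']} bytes"


if __name__ == "__main__":
    for c in to_the_box_connections(SAMPLE_LOG):
        print(f"conn {c['id']} {c['src_if']}:{c['src']} -> {c['dst']}:{c['dport']}: {describe(c)}")
```
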

3 REPLIES

Re: IPsec client connection

Hi Mark,

Try adding the statement

management-access inside

It should provide for firewall management over the IPsec tunnel; see if that helps.

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/m.html#wp1863771

Rgds

Jorge

Re: IPsec client connection

Jorge,

The statement is already there.

Mark

Re: IPsec client connection

I tried removing it, and the behaviour changes slightly: without the management-access statement the ssh session closes immediately; with it the session hangs.
