Cisco Support Community
Community Member

Local PIX blocking Local VPN Client from connecting to Remote PIX

I have a PIX-506E set up locally and a PIX-506E set up at Site 1. I can connect to Site 1 from my backup internet connection, which isn't firewalled. When trying to connect to Site 1 through the Local PIX, I secure the communication tunnel, but it will not let me remote desktop into any remote machines on that network. It will let me, however, if I use the non-firewalled backup connection.

Please inform me how to forward/allow access through the Local PIX so that the Local VPN client can access Site 1.

Thank you.

Community Member

Re: Local PIX blocking Local VPN Client from connecting to Remot

Be sure that isakmp nat-t is enabled on your 506 as well as Site1. Also, if you have an access-list on the inside interface of your 506, be sure it allows esp traffic to the public IP address of the Site1 506. Since your tunnel is being built, this seems to be an esp issue. Make sure that esp is allowed from your PC all the way to the remote PCs. Since RDP likes to use enormous packets, this could also be an MTU issue. Can you ping the remote PCs? If so, try lowering your MTU on your local PC to something like 1100. If you cannot ping the remote PC and your tunnel supports split-tunneling, check the "allowed networks" or "secured routes".

Hope this helps.
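The MTU point in the reply above can be checked with arithmetic. The following is an added example, not part of the original thread: it computes how large a tunnel-mode ESP packet becomes on the wire, with and without NAT-T, and the largest inner packet that fits a given path MTU. The transform sets (3DES or AES with a 96-bit HMAC) and the 1500-byte path MTU are assumptions; the thread does not state them.

```python
from dataclasses import dataclass

OUTER_IP = 20     # outer IPv4 header, no options
NAT_T_UDP = 8     # UDP/4500 header added when NAT-T is in use
ESP_HEADER = 8    # SPI (4 bytes) + sequence number (4 bytes)
ESP_TRAILER = 2   # pad-length byte + next-header byte


@dataclass(frozen=True)
class EspTransform:
    name: str
    block: int   # cipher block size in bytes (padding boundary)
    iv: int      # per-packet IV length in bytes
    icv: int     # truncated integrity check value in bytes


# Assumed transform sets; the thread does not say which one is configured.
ESP_3DES_HMAC96 = EspTransform("3DES-CBC + HMAC-96", block=8, iv=8, icv=12)
ESP_AES_HMAC96 = EspTransform("AES-CBC + HMAC-96", block=16, iv=16, icv=12)


def fixed_overhead(t: EspTransform, nat_t: bool = True) -> int:
    """Bytes added to every packet regardless of payload length."""
    return OUTER_IP + (NAT_T_UDP if nat_t else 0) + ESP_HEADER + t.iv + t.icv


def outer_size(inner_len: int, t: EspTransform, nat_t: bool = True) -> int:
    """On-the-wire size of one inner IP packet after tunnel-mode ESP."""
    # Inner packet plus trailer is padded up to a whole number of cipher blocks.
    padded = -(-(inner_len + ESP_TRAILER) // t.block) * t.block
    return fixed_overhead(t, nat_t) + padded


def max_inner(path_mtu: int, t: EspTransform, nat_t: bool = True) -> int:
    """Largest inner packet that is not fragmented on a path with this MTU."""
    room = (path_mtu - fixed_overhead(t, nat_t)) // t.block * t.block
    return room - ESP_TRAILER


if __name__ == "__main__":
    for t in (ESP_3DES_HMAC96, ESP_AES_HMAC96):
        for nat_t in (False, True):
            print(f"{t.name:20} nat_t={nat_t!s:5} "
                  f"max inner @1500 = {max_inner(1500, t, nat_t)}, "
                  f"inner 1100 -> {outer_size(1100, t, nat_t)} on the wire")
```

A full-size 1500-byte RDP packet from the PC exceeds every value `max_inner` returns here, so it must be fragmented somewhere on the path, while a client MTU of 1100 stays well under the limit in all four cases.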

