Cisco Support Community
New Member

pix

I have a PIX box with image 6.3. I have configured VPN service on it. It has one interface configured with a public IP.

I'm trying to access this VPN service through NATted traffic. It connects, but I'm unable to connect to any of my LAN servers. I'm not able to ping. I have allowed all the traffic ....

But when I connect to the VPN service from dialup, where I get a public IP from the ISP, it connects to all my LAN servers without any problem.

I'm using Cisco VPN client version 4.0.2.

What could be wrong? Please help.

Regards ...m

6 REPLIES

Re: pix

When you connect onto a VPN client, you will be getting an IP from the local LAN (IP pool configured on the PIX), which logically takes you inside your local network.

Where are you trying your VPN connectivity from (with regard to NATted traffic)? Are you trying to form a tunnel between another office?

Are you NATting or PATting the traffic in this case?

cheers!!

New Member

Re: pix

You may need to make sure that the NATed IP is a static map (and not dynamic with PAT).

Also, you may be crossing some firewall ... allow AH and ESP protocols to the PIX external IP in that firewall.

regds

rakesh

======

Re: pix

rakesh,

I had tested with both static & dynamic NATs and the VPN client works!!!

I don't think static NAT is really required. The only thing that is important is that the firewall should allow all the ports specified by you.

cheers

New Member

Re: pix

You are right.. But dynamic with PAT will not work. It requires its own dedicated external IP and not a shared one...

Please correct me if this is wrong.

regds

Rakesh

=====

Re: pix

Dynamic with PAT works!! I had tried simulating the same and it worked. But I had established only one tunnel from the inside LAN. Need to test with a couple of machines going out with the same PAT IP. Have you tested this?

New Member

Re: pix

Thanks for the reply.

In the past I have fixed VPN problems by making those client machines with static IPs..

This is a good finding. Maybe I also need to look at client settings/properties.

regds

RAkesh

=====
