Cannot VPN to network through PIX501

gaban
Level 1

I have a PIX 501 at home. When I try to VPN in to our network via the VPN client I get authenticated but cannot get to our internal network. When I use my Netgear router instead of the PIX I can VPN in and get to our internal network. Do I need to open some ports (if so, what ports) on the PIX, or do I need to change some configuration on the VPN client?

Accepted Solutions

gfullage
Cisco Employee

The problem is the PIX doesn't support IPSec and PAT until 6.3 code coming out next year. Your VPN tunnel is built on UDP port 500 packets, which the PIX can PAT properly. After that, all your packets are ESP packets, which is IP protocol 50 which the PIX can't PAT. If you have a second IP address from your ISP you can create a static NAT translation in the PIX for your inside PC and this will work properly.

Alternatively, if your VPN client supports some sort of IPSec encapsulation in TCP or UDP packets, then use that and it'll work fine too.
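
To illustrate the point made in this answer, here is an added example (not part of the original post and not Cisco code): a toy port-only PAT in Python that translates IKE on UDP 500, finds nothing to rewrite in a raw ESP packet (IP protocol 50), and translates ESP once it is wrapped in UDP. The `PortOnlyPat` class is hypothetical, and all addresses, the SPI and UDP port 4500 for the encapsulated case are constructed sample values.

```python
import struct

TCP, UDP, ESP = 6, 17, 50   # IP protocol numbers

def ipv4(proto, payload, src="192.168.1.10", dst="203.0.113.5"):
    """Build a minimal IPv4 packet (constructed sample, checksum left at 0)."""
    pack_ip = lambda a: bytes(int(x) for x in a.split("."))
    hdr = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0)
    return hdr + pack_ip(src) + pack_ip(dst) + payload

def udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def esp(spi, seq, data=b"\x00" * 16):
    # ESP begins with a 32-bit SPI and a sequence number; it has no port fields.
    return struct.pack("!II", spi, seq) + data

class PortOnlyPat:
    """Toy PAT that multiplexes flows only by rewriting TCP/UDP source ports."""
    def __init__(self, public_ip, first_port=1024):
        self.public_ip, self.next_port, self.table = public_ip, first_port, {}

    def outbound(self, pkt):
        ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]
        if proto not in (TCP, UDP):
            return None                       # no port to rewrite: cannot PAT
        src = ".".join(str(b) for b in pkt[12:16])
        sport = struct.unpack("!H", pkt[ihl:ihl + 2])[0]
        key = (proto, src, sport)
        if key not in self.table:             # allocate one public port per flow
            self.table[key] = self.next_port
            self.next_port += 1
        new_src = bytes(int(x) for x in self.public_ip.split("."))
        new_port = struct.pack("!H", self.table[key])
        # Checksums are not recomputed in this sketch.
        return pkt[:12] + new_src + pkt[16:ihl] + new_port + pkt[ihl + 2:]

def demo():
    pat = PortOnlyPat("198.51.100.7")
    ike = ipv4(UDP, udp(500, 500, b"\x00" * 28))
    raw_esp = ipv4(ESP, esp(0x1234ABCD, 1))
    esp_in_udp = ipv4(UDP, udp(4500, 4500, esp(0x1234ABCD, 1)))  # assumed port
    return [pat.outbound(p) is not None for p in (ike, raw_esp, esp_in_udp)]

if __name__ == "__main__":
    print(demo())
```
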


2 Replies 2

Thanks for the reply. We are actually using a VPN 3015, and for the client I use VPN Client 3.6.2 by Cisco. I believe there is a way to encap IPSec via a TCP setting on the 3015. Let me know if I am wrong, but I will take a look.