Re: Cisco VPN client 4.0.3

mtremblay · ‎12-01-2003

Hi,

No one replied to my last post, I'm hoping someone can give me a hand here.

I just finished configurating a vpn connection on my PIX 506E firewall. Now my problem seems to be when I connect, I can't ping any machines, and I can't browse the network. I've enabled "allow LAN access" on the client but I still don't seem to have access. In the log I have the following message "Sev=Warning/2 IKE/0xA3000067 Received Unexpected InitialContact Notify (PLMgrNotify:841). I've read the following article "http://www.cisco.com/warp/customer/471/vpn-net-hood.html#ping" but it hasn't really helped me. Has anyone experienced this before? Any help would be greatly appreciated.

Thanks

thomas.chen · ‎12-05-2003

Hi,

Are you using NAT by any chance, Because I have seen problems when NAT is used.

Check your IP Sec configurations, especially the phase 1 (isakmp policies) configurations.

u.naranjo · ‎01-30-2004

I had the same issue with a 515 and 501 pix and after I use the following command, I was able to ping the inside hosts:

isakmp nat-traversal 20

Uriel Naranjo.

shannong · ‎01-30-2004

It's probably a NAT or ACL issue. Post your VPN config including any commands starting with [crypto] and [isakmp].

You need to make sure tha internal traffic isn't NATted [nat 0] when returning to the tunnel. Also, you must either use [sysopt connection permit-ipsec] or create ACL entries on the outside interface to allow your tunneled traffic in.