I have a PIX 515 with a dyn VPN connection set up. All is well when I connect from home (using the Cisco VPN Client) from behind my Linksys router. When I am at another site that has a PIX as a firewall, I can auth to the remote PIX 515 but cannot access the remote LAN.
Any ideas as to what the problem might be? I assume it's something on the firewall, but I have no idea.
Any help is much appreciated.
It looks like a NAT-traversal issue; try the command
isakmp nat-traversal 20
on your PIX in the global configuration menu.
Hope that helps.
I have the same problem with the same PIX 515. I suppose the rule to allow "bypass" of the traffic must be set on the PIX that the VPN client is behind, but what kind of rule?
Thanks in advance.
Have you initiated a clear ipsec sa or clear isakmp sa command on the PIX?
Also found this interesting doc...
Just a bit of an add-on.
The ports that need to be permitted on the PIX (the one deployed on the client end) are UDP 500 and UDP 4500.
Thanks a lot for your help,
but it didn't work. I permitted the traffic in this way:
access-list in_access permit udp any any eq isakmp
access-list in_access permit udp any any eq 4500
access-list in_access permit tcp any any eq 4500
applied on the Outside interface. The VPN connection is established, even the RADIUS remote auth is validated, but I cannot ping or pass the traffic with the IP vpngroup assigned...
Any suggestions? Are the permitted ports correctly applied?
Just to add on, I sniffed on my interface:
Located behind another PIX: 0 outgoing packets.
Located behind a dial-up: >0 outgoing packets.
Could this be due to some configurations on the client side?