Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

ipsec vpn and pix 515e

I have a network behind a 515e pix, and I need to get multiple users to connect out to a remote ipsec vpn, but I am having trouble doing it. I think that I have done everything correctly, including the configuration of nat-t, but the client software (IBM global client) always fails on key negotiation. According to the vpn provider, the error that comes up refers to a firewall error. This pix is also a vpn endpoint for multiple site to site vpns. Is that causing a problem? Also, do I need multiple ip addresses to do this, or am I fine using pat.

Thanks

Eric Eades

2 REPLIES
Silver

Re: ipsec vpn and pix 515e

You can resolve this issue by - port address translation. The only workaround to support multiple concurrent user is to have

them assigned to different groups using different UDP ports. VPN Client GUI Error Lookup Tool:

http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_tech_note09186a00801f253d.shtml

Gold

Re: ipsec vpn and pix 515e

if your pix is running 7.x or newer, you can enable ipsec inspection.

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/i2_72.html#wp1668213

103
Views
0
Helpful
2
Replies
CreatePlease to create content