Cisco Support Community

New Member

PC VPN client terminating to PIX through IOS IPSEC router issue

Hi all,

I have a 1712 router at my office where I have it configured to accept IPSEC VPN connections. I noticed, however, when I try to connect using VPN client from within my office to a remote office with a PIX, through the 1712 router, I fail. Observing the 1712 logs during my trials I see that the router somehow intercepts my VPN traffic, thinking that the VPN tunnel should be between him and the PIX. I have no problems when I try to connect through any other router that does not do IPSEC.

I am attaching the configuration files of both the PIX and the router.

Any help is appreciated.

2 REPLIES
Bronze

Re: PC VPN client terminating to PIX through IOS IPSEC router is

Hi,

Seems the problem is because you are NATTing your internal subnet to the router's public IP itself.

The router sees the return traffic for the VPN clients destined to its public IP and starts processing it.

Two options that can be thought of are:

1.) Use a different NAT IP for the VPN client traffic.

2.) Upgrade the PIX to v7 & use IPSec over TCP option.

HTH

Regards,

Shijo George.

New Member

Re: PC VPN client terminating to PIX through IOS IPSEC router is

George,

Thanks for the reply. Are you suggesting that the problem is on the remote PIX configuration and not on the IOS VPN router?

I only have a single public IP and therefore I cannot use another IP for NAT. Upgrading to PIX v7 is not a feasible option at this time either.
