Cisco Support Community

New Member

ping SCO-BOX behind pix501 firewall

Hello,

I have a vpn server configured on the pix501 using ipsec. I can vpn without any problem through the pix501 and access resources on my win2000 server which is behind the firewall.

When I am connected through the vpn, I can ping any computers, printers and tcp/ip devices on the local area network, ie: 192.168.3.x.

The only problem is pinging a SCO-UNIX on my LAN ie: 192.168.3.50

I get reply timeout from the ping. What gives?

I am assuming the SCO-UNIX box can not handle encrypted tunneling traffic through the vpn services.

What do you think?

travis,

4 REPLIES
New Member

Re: ping SCO-BOX behind pix501 firewall

The PIX will handle the encryption and decryption, so it is clear traffic that reaches your SCO-UNIX box.

It is normally a routing issue.

Please check the routing in that SCO-UNIX box.

Does that SCO-UNIX box's default gateway point to your PIX inside interface?

If not, if you assign the VPN pool 192.168.1.x, you need to add a static route for that pool in the SCO-UNIX box.

Best Regards,

New Member

Re: ping SCO-BOX behind pix501 firewall

I don't believe the default gateway on sco-unix is pointing to the inside pix int. I'll check.

Everyone else running PCs (98, XP, 2000) can ping the sco-unix except the vpn-connected pc.

The sco-unix box is on the same subnet (ie: 192.168.3.x) as the rest of the LAN.

thanks,

travis,

New Member

Re: ping SCO-BOX behind pix501 firewall

In the same subnet, 192.168.3.x, all hosts use broadcasting to find each other.

This is the reason why there are no routing issues there.

But the VPN clients are in a different subnet; they need the return routes to make it work.

I think all your other PCs (98, XP, 2000) have the PIX inside interface as their default gateway, but the SCO-UNIX box does not. Adding a return route in the Unix box will do.

Best Regards,
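
Added example, not part of the original thread: a longest-prefix-match model of the routing decision described in the reply above, showing why the echo reply to a VPN client never gets back into the tunnel until the return route exists. The PIX inside address (192.168.3.1), the other gateway (192.168.3.254) and the client addresses are constructed assumptions; the 192.168.1.x pool is the one suggested in the reply.

```python
import ipaddress

# Constructed addresses (assumptions, not from the thread): the PIX inside
# interface and the other router the SCO box uses as its default gateway.
PIX_INSIDE = "192.168.3.1"
OTHER_GW = "192.168.3.254"
VPN_POOL = "192.168.1.0/24"   # pool suggested in the reply
LAN = "192.168.3.0/24"


def next_hop(routes, dest):
    """Longest-prefix match: return the gateway (or 'direct') used for dest."""
    dest = ipaddress.ip_address(dest)
    best = None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    return best[1] if best else None


def reply_reaches_vpn_client(routes, client):
    """A reply re-enters the tunnel only if the host hands it to the PIX."""
    return next_hop(routes, client) == PIX_INSIDE


# SCO box as described: on the LAN, but its default gateway is not the PIX.
sco_before = [(LAN, "direct"), ("0.0.0.0/0", OTHER_GW)]
# Same table with the static return route for the VPN pool added.
sco_after = sco_before + [(VPN_POOL, PIX_INSIDE)]
# A Windows PC whose default gateway is the PIX inside interface.
lan_pc = [(LAN, "direct"), ("0.0.0.0/0", PIX_INSIDE)]

if __name__ == "__main__":
    tables = [("SCO before", sco_before), ("SCO after", sco_after),
              ("LAN PC", lan_pc)]
    for name, table in tables:
        # One LAN destination and one VPN-pool destination (both constructed).
        for dst in ("192.168.3.20", "192.168.1.10"):
            print(f"{name:10} -> {dst:13} via {next_hop(table, dst)}")
```

LAN-to-LAN pings resolve as `direct` in every table, which is why only the VPN-connected PC sees timeouts.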

New Member

Re: ping SCO-BOX behind pix501 firewall

That makes a lot of sense. Thank you for your help.

Travis,
