I am a novice/new cisco user. I have been struggling trying to configure a Cisco Pix 501 to allow passthrough of VPN traffic. I have reviewed many articles and posts but have not had success in putting the proper configuration together. I am running a Symantec VPN client to a Symantec Security Gateway. The VPN works fine when the PIX is out of the configuration.
The Pix is version 6.3 and I also have PDM 3.0 working. I am new to the routing world. I understand most concepts but I seem to be missing a vital piece of information. The error on the symantec VPN client is as follows. Error connecting tunnel to xxx.xxx.xxx.xxx. The server rejected the ISAKMP Security association. Make sure the Phase1 ID's, shared key and IKE policy are correct.
I dont know if it works in 6x IOS but here is another inspection
fixup protocol ipsec-pass-thru
Also make sure that you did a one-to-one static mapping (conduits used in legacy IOS) for an unused public IP of yours because you can not PAT gre or esp to an internal host. And you may also need an outside acl
Thank you for your replies. I can not still get it to function. We will be replacing this configuration soon with new equipment. I will then have better tech support onsite. I will also be taking classes.
Are there any access-list on the Pix applied inbound. If so, after you configured the Pix 501 with "fixup protocol esp-ike" command, did you permit ESP in the access-list. I have seen some configuration were the esp-ike works only when there is an inbound ACL that permits ESP.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...