Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

PIX 506E VPN Troubles

I have a PIX 506E firewall with VPN setup. I have a contractor who connects to our network (via VPN Client Version 4.6) and the problem is that even though the connection appears to have worked (they get an IP out of the designated pool) they have no access to network resources. They can't ping any computers on my network or anything. Sometimes it works sometimes it doesn't (not consistent on any IP's) More than one person connects from their office and it seems that only one of them can connect at a time and once that person logs off and another one tries to connect they claim that there is a period of time in which it won't let them connect and then all of a sudden they connect. I do not have the issues with other clients in this regard however some of them do say that occasionally they will get disconnected while there in the middle of doing something. If anybody has any advice please help



Re: PIX 506E VPN Troubles


Issue1 : VPN clients not able to ping/access internal PCs or resources.

Sol: 1) Check that you are not using overlapping IP addresses for VPN pool. VPN pool range should be totally different than any network which is used in your network.

2) Behind the PIX, if there is any L3 device then make sure that it has the route to reach back the VPN clients. ie. to the VPN pool assigned to remote clients.

Issue2: Not more than 1 user can connect

Sol: I belive that your contractor`s officials are behind a NAT/PAT boundary. You enable "ISAKMP NAT-T" on pix and then check out the behaviour. Here is how you can enable it :

pix(config)#isakmp nat-traversal



aashish C