PIX 506E VPN Troubles

frank-roy
Level 1

I have a PIX 506E firewall with VPN set up. I have a contractor who connects to our network (via VPN Client Version 4.6), and the problem is that even though the connection appears to have worked (they get an IP out of the designated pool), they have no access to network resources. They can't ping any computers on my network or anything. Sometimes it works, sometimes it doesn't (not consistent on any IPs). More than one person connects from their office, and it seems that only one of them can connect at a time; once that person logs off and another one tries to connect, they claim that there is a period of time in which it won't let them connect, and then all of a sudden they connect. I do not have the issues with other clients in this regard; however, some of them do say that occasionally they will get disconnected while they're in the middle of doing something. If anybody has any advice, please help.

Thanks

1 Reply

aashish.c
Level 4

Hi,

Issue 1: VPN clients not able to ping/access internal PCs or resources.

Sol: 1) Check that you are not using overlapping IP addresses for the VPN pool. The VPN pool range should be totally different from any network which is used in your network.

2) If there is any L3 device behind the PIX, make sure that it has a route to reach back to the VPN clients, i.e. to the VPN pool assigned to remote clients.

Issue 2: Not more than 1 user can connect

Sol: I believe that your contractor's officials are behind a NAT/PAT boundary. Enable "ISAKMP NAT-T" on the PIX and then check the behaviour. Here is how you can enable it:

pix(config)# isakmp nat-traversal

HTH

regards

aashish C
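
The two checks from the reply above (VPN pool overlap, and the return route on an L3 device behind the PIX), as an added example that is not part of the original thread. All addresses, the route table and the function names are constructed for illustration.

```python
import ipaddress

def pool_blocks(first, last):
    """Turn a start-end VPN pool range into the CIDR blocks that cover it."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def overlapping_networks(pool, internal):
    """Internal networks that share addresses with the VPN pool (should be none)."""
    nets = [ipaddress.ip_network(n) for n in internal]
    return sorted({str(n) for n in nets for b in pool if n.overlaps(b)})

def unrouted_blocks(pool, routes, pix_inside):
    """Pool blocks whose best route on the inside L3 device does not point at the PIX.

    routes is a list of (prefix, next_hop); the longest matching prefix wins.
    Simplification: only routes that cover a whole pool block are considered.
    """
    table = [(ipaddress.ip_network(p), ipaddress.ip_address(nh)) for p, nh in routes]
    pix = ipaddress.ip_address(pix_inside)
    missing = []
    for block in pool:
        matches = [(p, nh) for p, nh in table if block.subnet_of(p)]
        best = max(matches, key=lambda m: m[0].prefixlen, default=None)
        if best is None or best[1] != pix:
            missing.append(str(block))
    return missing

# Constructed sample data (not taken from the thread).
INTERNAL = ["192.168.1.0/24", "10.10.0.0/16"]
PIX_INSIDE = "192.168.1.1"
BAD_POOL = pool_blocks("192.168.1.200", "192.168.1.220")   # inside the LAN range
GOOD_POOL = pool_blocks("172.16.50.1", "172.16.50.62")     # dedicated range
# Route table of a hypothetical L3 switch behind the PIX: default route goes
# to another gateway, so replies to VPN clients never reach the PIX.
ROUTES = [("0.0.0.0/0", "192.168.1.254"), ("10.10.0.0/16", "192.168.1.2")]
FIXED_ROUTES = ROUTES + [("172.16.50.0/24", PIX_INSIDE)]

if __name__ == "__main__":
    print("bad pool overlaps:", overlapping_networks(BAD_POOL, INTERNAL))
    print("good pool overlaps:", overlapping_networks(GOOD_POOL, INTERNAL))
    print("unrouted before fix:", unrouted_blocks(GOOD_POOL, ROUTES, PIX_INSIDE))
    print("unrouted after fix:", unrouted_blocks(GOOD_POOL, FIXED_ROUTES, PIX_INSIDE))
```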
