Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
311
Views
0
Helpful
4
Replies

PIX 506e with Cisco VPN client works except for...

rmiles
Level 1
Level 1

‎01-13-2004 07:55 PM - edited ‎02-21-2020 01:00 PM

We are temporarily using a PIX 506e to terminate VPN connections. We have set up the PIX to allow our administrators to use the Cisco VPN client to land directly on the interior of our LAN. Every application works (Outlook, all admin tools, etc) with the exception of one tool, Funk Proxy. It's a remote control app that we use to control all servers and PC's on our network. The app can poll all clients on the network and that part works fine. But when you attempt to connect to a machine it prompts for the password as it should and then connects. But it will only paint a few lines of the desktop then stop. After about ~20 seconds it errors out saying the client ended the connection. We currently use this Funk Proxy app with a Nortel Contivity VPN and it works fine.

Any ideas what on the PIX could be causing this problem?

Thanks

Labels:
0 Helpful
4 Replies 4

jeff.roback
Level 1
Level 1

‎01-15-2004 02:41 PM

Does the funk proxy make use of broadcasts or multicasts to do screen painting? One conceptual difference between pix VPNs and Nortel VPNs is that the Pix creates a new subnet for VPN clients and routes traffic inbetween (and thus needs to be the default gateway, or have that subnet reachable from the default gateway).

Nortel VPN concentrators (and the Cisco 3000 concentrators) have the option to put vpn clients on the same local network as the concentrator's inside interface, and just proxy arp for the clients.

0 Helpful

rmiles
Level 1
Level 1
In response to jeff.roback

‎01-15-2004 04:51 PM

I don't know if it uses broadcasts or multicasts. I'm not really sure how it would even do that?

Here's a quick summary of our network.

Main network: 172.16.16.0/20 (172.16.16.0-172.16.31.255)

The PIX's outside interface is on the internet 4.x.x.x

The PIX's inside interface is 172.16.18.209/20

The VPN client pool is 172.16.31.224/29.

From the 172.16.31.224/29 network you can access the rest of our 172.16.16.0/20. The only thing that doesn't work is this Funk Proxy application. Seeing as the VPN client lands you in our 20 bit I don't see why it shouldn't work.

Thanks

0 Helpful

falain
Level 1
Level 1
In response to rmiles

‎01-16-2004 06:02 AM

Also have the same problem with Proxy.

I tried VNC (freeware) successfully.

The main difference between them is that proxy uses UDP

and VNC uses TCPIP ans is more optimized for Wan.

I suppose Proxy is more sensitive to timeouts.

I thought it was able to use TCP/IP but on line help doesn't explain how.

0 Helpful

rmiles
Level 1
Level 1
In response to falain

‎01-16-2004 09:28 AM

I think you are correct. I found the link stating that TCP can be used in Proxy version 4.10. So I installed 4.10.3 host and master. I then went into the clients protocol options and disabled UDP. I am now able to connect using the PIX VPN.

Thanks!

0 Helpful
Customers Also Viewed These Support Documents