01-13-2004 07:55 PM - edited 02-21-2020 01:00 PM
We are temporarily using a PIX 506e to terminate VPN connections. We have set up the PIX to allow our administrators to use the Cisco VPN client to land directly on the interior of our LAN. Every application works (Outlook, all admin tools, etc.) with the exception of one tool, Funk Proxy. It's a remote control app that we use to control all servers and PCs on our network. The app can poll all clients on the network and that part works fine. But when you attempt to connect to a machine it prompts for the password as it should and then connects. But it will only paint a few lines of the desktop then stop. After about ~20 seconds it errors out saying the client ended the connection. We currently use this Funk Proxy app with a Nortel Contivity VPN and it works fine.
Any ideas what on the PIX could be causing this problem?
Thanks
01-15-2004 02:41 PM
Does the Funk Proxy make use of broadcasts or multicasts to do screen painting? One conceptual difference between PIX VPNs and Nortel VPNs is that the PIX creates a new subnet for VPN clients and routes traffic in between (and thus needs to be the default gateway, or have that subnet reachable from the default gateway).
Nortel VPN concentrators (and the Cisco 3000 concentrators) have the option to put VPN clients on the same local network as the concentrator's inside interface, and just proxy ARP for the clients.
01-15-2004 04:51 PM
I don't know if it uses broadcasts or multicasts. I'm not really sure how it would even do that?
Here's a quick summary of our network.
Main network: 172.16.16.0/20 (172.16.16.0-172.16.31.255)
The PIX's outside interface is on the internet 4.x.x.x
The PIX's inside interface is 172.16.18.209/20
The VPN client pool is 172.16.31.224/29.
From the 172.16.31.224/29 network you can access the rest of our 172.16.16.0/20. The only thing that doesn't work is this Funk Proxy application. Seeing as the VPN client lands you in our 20 bit I don't see why it shouldn't work.
Thanks
01-16-2004 06:02 AM
Also have the same problem with Proxy.
I tried VNC (freeware) successfully.
The main difference between them is that Proxy uses UDP and VNC uses TCP/IP and is more optimized for WAN.
I suppose Proxy is more sensitive to timeouts.
I thought it was able to use TCP/IP but online help doesn't explain how.
01-16-2004 09:28 AM
I think you are correct. I found the link stating that TCP can be used in Proxy version 4.10. So I installed 4.10.3 host and master. I then went into the client's protocol options and disabled UDP. I am now able to connect using the PIX VPN.
Thanks!