I have a PIX-to-PIX VPN established. I can ping back and forth from client to client on their respective networks over the VPN. I can get DNS resolution over the VPN. I can even log in to a domain across the VPN; however, I cannot seem to get any port-related traffic to establish. I try using both Terminal Services and Citrix clients to connect to the servers across the VPN, but get timed out on both services.
What is restricting my port traffic? I can't find it.
PIX 515: (servers are on the inside of this network, 10.128.1.0)
PIX Version 6.2(2)
name x.x.x.98 GreenBuilding
name x.x.x.126 PalHall
access-list vpn1 permit ip 10.128.1.0 255.255.255.0 10.128.15.0 255.255.255.0
access-list vpn1 permit ip host GreenBuilding 10.128.15.0 255.255.255.0
access-list vpn1 permit ip 10.128.15.0 255.255.255.0 10.128.1.0 255.255.255.0
access-list vpn1 permit ip 10.128.1.0 255.255.255.0 host PalHall
I still have not resolved this issue; I need help.
I ran a port scanner across the VPN. I get 2 ports back, 25 and 110. If I try to telnet to those ports I get a blank telnet screen. The IP that I'm telnetting to should not have email services on it. I'm confused about what telnet to port 25 is connecting to on that IP. Regardless, I can't get any other ports to show up across the VPN.
If I could get port traffic across this VPN I would be good to go.
Also, if I can't get anything else off a port scan, how is it I get name resolution and can log in to the domain across the VPN?