PIX VPN

andyjg247
Level 1

Hi,

I have a 515e with several VPNs, client and site based, but there is something stopping traffic initiated from the inside getting to the remote hosts. I've never seen anything like this before and can't see any problems with the config.

The client PCs can connect and do everything they need to but I cannot ping or connect to them in any way.

I would appreciate any help!

thanks

Andy

5 Replies

5220
Level 4

Hi Andy,

The Firewall associated with VPN client will not accept any connections that are not initiated from the client PC.

Try to uncheck the "Always On" firewall option.

Please rate if this helped.

Regards,

Daniel

Hi,

This happens on the site to site links as well though. Thanks for the reply.

Andy

Hi,

I just re-read your reply and I don't think I explained the problem correctly. It's any remote VPN connection, either client or mainly the site to site (with other PIX). From my internal network I cannot get traffic to these remote hosts over the VPN; however, the remote hosts over the VPN can access everything, and get replies, from the inside hosts.

thanks

Ok,

Can you make sure the traffic from internal network to the remote LANs is permitted by ACL "insideout"?

Then ACL "nonat" must contain the same statements as above (from internal network to remote LANs behind the remote VPN devices).

Are these ok?

Regards,

Daniel

Hi, nonat does show these statements but the insideout doesn't. I was under the impression that VPN traffic didn't need to be explicitly included in this outbound access-list?

Thanks for your time on this by the way, I do appreciate it.

cheers

Andy
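
The comparison Daniel asks for above, as an added example that is not part of the original thread: a Python sketch that reads a PIX configuration and lists the flows exempted from NAT by `nonat` that the ACL bound inbound on the inside interface does not permit. The sample configuration and its addresses are constructed; only `permit ip` entries are compared, and deny entries and entry order are ignored.

```python
import ipaddress

# Constructed sample config (addresses are made up for illustration); the ACL
# names "insideout" and "nonat" are the ones used in the thread.
SAMPLE_CONFIG = """\
access-list nonat permit ip 192.168.1.0 255.255.255.0 10.20.0.0 255.255.255.0
access-list nonat permit ip 192.168.1.0 255.255.255.0 10.30.0.0 255.255.255.0
access-list insideout permit tcp 192.168.1.0 255.255.255.0 any eq www
access-list insideout permit ip 192.168.1.0 255.255.255.0 10.20.0.0 255.255.255.0
access-group insideout in interface inside
nat (inside) 0 access-list nonat
"""

def take_net(tokens):
    """Consume one address spec ('any', 'host A' or 'A MASK') from a token list."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]

def ip_permits(config, acl):
    """Return (source, destination) networks of the 'permit ip' entries in one ACL."""
    pairs = []
    for line in config.splitlines():
        t = line.split()
        if t[:4] == ["access-list", acl, "permit", "ip"]:
            src, rest = take_net(t[4:])
            dst, _ = take_net(rest)
            pairs.append((src, dst))
    return pairs

def uncovered_vpn_flows(config, iface="inside"):
    """List NAT-exempt flows that the ACL bound inbound on iface does not permit."""
    # Protocol-specific permits (tcp/udp/icmp) are not counted as covering an ip flow.
    words = [line.split() for line in config.splitlines()]
    bound = [w[1] for w in words
             if w[:1] == ["access-group"] and w[2:] == ["in", "interface", iface]]
    nat0 = [w[4] for w in words
            if len(w) == 5 and w[:4] == ["nat", f"({iface})", "0", "access-list"]]
    if not bound or not nat0:
        return []  # nothing filters this interface, or no NAT exemption ACL is set
    allowed = ip_permits(config, bound[0])
    return [(s, d) for s, d in ip_permits(config, nat0[0])
            if not any(s.subnet_of(a) and d.subnet_of(b) for a, b in allowed)]
```

On the constructed sample, `uncovered_vpn_flows(SAMPLE_CONFIG)` reports the 10.30.0.0/24 destination, which `nonat` lists but `insideout` does not permit.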
