Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

pix vpnclient client mode not working

I can't seem to get this to work with a VPN 3000 as the server. It does work with client mode network-ext. I see pings go all the way through to the destination and replies coming back to the VPN 3000 but nothing back to my PC. Also, even if I were to get this to work, will this work if I put an IP phone and use client mode????

4 REPLIES
Community Member

Re: pix vpnclient client mode not working

I just got this to work with the help of TAC. There are two bugs on CCO concerning this type of connection.

Just to let you know, to truely bring the tunnel up you have to initiate traffic from behind the PIX. The connection will appear to come up on its own but you cannot contact devices behind the pix until they first try to send traffic to the concentrator.

Community Member

Re: pix vpnclient client mode not working

what did you have to do to fix it. I know the packets are coming back to the PIX because I set a debug packet outside and then did a continous ping.

Cisco Employee

Re: pix vpnclient client mode not working

IP phones usage require network -extension mode.

Nelson

Cisco Employee

Re: pix vpnclient client mode not working

Bill, are you saying the PIX in client mode cannot establish the tunnel or can establish the tunnel but not pass data ?

Anyway, you need to turn on the following logging for us to see what's going on:

1) On the VPN 3000 enable AUTH, IKE, IKEDBG level 9 events.

2) On the PIX turn on debug (debug crypto ipsec, debug crypto isakmp)

3) clear the logs; inititate the tunnel (ping), and please post 1 and 2 results here.

Thanks.

Nelson

107
Views
0
Helpful
4
Replies
CreatePlease to create content