Problems with VPN settings using Pix firewall and VPN clients with preshare
I am trying to configure a virtual private network using a PIX firewall with version 6.1(2) and VPN client version 1.1.
The actual PIX configuration was done using access-list acl_in and access-list acl_out commands and their respective access-group acl_in and access-group acl_out applied to the interfaces where the rule is effective.
Everything works OK with this, but now I need to implement the VPN configuration to receive remote dial-up VPN clients. I am using exactly the configuration that appears at the Configuring PIX-to-VPN Client Wild-card, Pre-shared, No Mode-Config example and it does not work. I am not able to pass traffic across the tunnel, but it seems as if it´s open. While performing debugs it seems that there are no errors with phase 1 and 2 authentication. Also, it appears that I get the IP of my access-list pool address. Could it be a problem with the other access-lists (acl_in and acl_out) that I am using for the other purposes?
What could it be the solution? I have implemented the same using the same VPN client 1.1 but pIx firewall version 5.1 and with conduits instead of access-lists and worked immediatly.
Re: Problems with VPN settings using Pix firewall and VPN client
Often times complex troubleshooting issues are best addressed in an interactive session with one of our trained technical assistance engineers. While other forum users may be able to help, its often difficult to do so for this type of issue.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...