Remote Access VPN Prob

dhavaltandel
Level 1

Hello NetPros,

I have connectivity like this:

PIX 515---CLOUD----VPN 3005(IOS 3.1)----LAN with NON-MANAGEABLE SWITCH (5 LAPTOPS with Cisco VPN Client 4.7)

-- Here in my scenario, the PIX 515 is configured for IPSec VPN as a Remote Access VPN and is located remotely.

-- And all my laptops have Cisco VPN Client version 4.7.00 installed.

-- The configuration of the VPN 3005 is default routing pointing to my ISP gateway IP address, and NAT with Port Mapping enabled; this translates my internal network's 192.168.1.xx series IP addresses to my single assigned IP address xx.xx.xx.xx.

-- Now my query is: when I try to establish the VPN from any of the laptops while keeping the laptop behind the NAT, it allows me to establish it and shows the status message. But when I try to ping my remote internal network (also behind NAT) in the range 172.xx.xx.xx, it won't allow me to do so. Meanwhile, my remote office administrator reports that he can see my laptop's IP address in the PIX 515 attempting to ping, and also that the PIX is replying to me at 192.168.xx.xx.

-- But if I connect my laptop directly to the DSL line coming from my ISP and configure my laptop (that is, if I am not behind NAT), then I can establish the VPN and I can also easily ping my remote internal network.

I am not getting this issue...

Anybody who has a solution, please reply.

Thanks,

Dhaval Tandel

4 Replies

attrgautam
Level 5

On the PIX, enable isakmp nat traversal and see if it helps.

Hello, Attrgautam

Thanks for taking an interest.

I appreciate your answer, but we did try from another network, such as personally from my home PC (also behind another NAT of my ISP), and it's working fine there. So it should have the correct configuration.

So it is not working only from my office network. Is there any configuration that needs to be done on the VPN 3005 located at my office, which is acting as router as well as NAT device?

Because there is nothing in between other than the VPN Concentrator, and as I posted earlier, the PIX is responding to my laptop too, so it should not be an issue with the PIX or anything at the remote office.

If you find something, do reply.

Thanks,

Dhaval Tandel

We have the exact same problem here with the VPN client and IOS... it doesn't appear to be a NAT traversal problem, as I can see the UDP 4500 traffic hitting the router.

It looks like traffic from our laptops is getting across to the router, but return traffic is not going back across the tunnel (and there's only a default route on the router). I suspect it's a NAT issue on the router, as this random website (http://www.fredshack.com/docs/vpnios.html) seems to indicate some issues with how the Cisco configuration guides show NAT.

Our issue did indeed turn out to be a NAT traversal issue. We had it enabled on the firewall all along, but we also had to make sure the client was configured for transparent tunneling (IPSec over UDP) AND the routers in front of the firewalls were not blocking UDP port 4500.
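
An added example, not part of the thread and not code from any poster: a small Python triage helper for the symptoms described above, which labels UDP datagrams captured on the client side of the NAT using the RFC 3948 framing on UDP 4500 and reports whether encapsulated ESP flows both ways. The function names, ports other than 500 and 4500, and all sample bytes are constructed for illustration.

```python
import struct

IKE_PORT, NATT_PORT = 500, 4500  # plain IKE; IPsec NAT traversal (RFC 3948)

def classify(sport, dport, payload):
    """Label one UDP datagram captured on the client side of the NAT device."""
    if NATT_PORT in (sport, dport):
        if payload == b"\xff":
            return "nat-keepalive"      # single 0xFF byte keeps the NAT mapping alive
        if payload[:4] == b"\x00" * 4:
            return "ike-natt"           # non-ESP marker: an IKE message follows
        if len(payload) >= 8:           # at least SPI + sequence number
            return "esp-in-udp spi=0x%08x" % struct.unpack("!I", payload[:4])[0]
        return "malformed"
    return "ike" if IKE_PORT in (sport, dport) else "other"

def diagnose(packets):
    """packets: (direction, sport, dport, payload) tuples; direction is 'out' or 'in'."""
    seen = {"out": set(), "in": set()}
    for direction, sport, dport, payload in packets:
        seen[direction].add(classify(sport, dport, payload).split()[0])
    if "esp-in-udp" in seen["out"]:
        # Tunnel data leaves encapsulated; check whether any comes back.
        return "ok" if "esp-in-udp" in seen["in"] else "one-way"
    both = seen["out"] | seen["in"]
    if "ike" in both and "ike-natt" not in both:
        return "no-natt"                # IKE stayed on UDP 500, nothing moved to 4500
    return "inconclusive"

# Constructed sample capture (hypothetical ports and bytes, not from the thread).
IKE = b"\x11" * 28
ESP = bytes.fromhex("a1b2c3d4") + b"\x00\x00\x00\x01" + b"\x00" * 16
SAMPLE = [
    ("out", 1027, 500, IKE),                      # first IKE exchange on UDP 500
    ("in", 500, 1027, IKE),
    ("out", 1028, 4500, b"\x00" * 4 + IKE),       # IKE continues on UDP 4500
    ("in", 4500, 1028, b"\x00" * 4 + IKE),
    ("out", 1028, 4500, ESP),                     # tunnelled ping request
    ("out", 1028, 4500, b"\xff"),                 # NAT keepalive
]

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

A result of "one-way" points at filtering or NAT handling of UDP 4500 on the return path, while "no-natt" means the client and gateway never moved to UDP encapsulation.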
