Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Simple VPN client connection..

Hell-o,

Using the 3.5.2 VPN client. Trying to go through a PIX515 firewall and out to a site on the Internet with a 3000 series concentrator. They supplied the client and client configuration. All I have to do is configure the PIX (6.2 (1) to allow the connection?

We are using conduit commands.

I created a static address.

conduit permit esp host <our ip> host <there external ip>

conduit permit upd host <our external ip> eq isakmp host <there external ip>

I still cannot connect with the client? Can you tell me what I might be doing wrong?

TIA

1 REPLY
New Member

Re: Simple VPN client connection..

When your VPN client sitting behind PIX, please enable "ipsec over UDP" or "IPSEC over TCP" feature in the 3000 as well as the client end.

http://www.cisco.com/warp/customer/471/nat_trans.html

http://www.cisco.com/warp/customer/471/vpn3k_ipsec_tcp.html

In the PIX: (IPSEC over UDP)

conduit permit udp host host eq 500

conduit permit udp host host eq 10000

Or (IPSEC over TCP)

conduit permit tcp host host eq 10000

Best Regards,

88
Views
0
Helpful
1
Replies