Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
325
Views
0
Helpful
3
Replies

VPN 3000 and Unidirectional traffic behind firewall

pstuder
Level 1
Level 1

‎04-30-2007 12:00 PM - edited ‎02-21-2020 03:00 PM

Here is a strange one .. I have a VPN3030 Concentrator (Version 4.1.4) to which I am able to connect without issue. The problem is that traffic is flowing in only 1 direction (according to the client - version 4.0.3C) it flows in the transmit to the concentrator, but not the receive. My client is sitting behind a PIX 501. I have opened everything up on the PIX and it still behaves the same way. Now, when I bypass the PIX and run the PPPoE client on my laptop, it connects and traffic flows in both directions. I am troubleshooting this for a customer who is not using PIX everywhere - they have several Watchguard firewalls deployed and they behave in the same manner. One point of note is that this problem does not happen to everyone .. only a handful of users with nothing in common except for the concentrator.

If anyone has seen this or has any insight/suggestions, it would be greatly appreciated.

thanks!

Labels:
0 Helpful
3 Replies 3

acomiskey
Level 10
Level 10

‎04-30-2007 12:42 PM

Maybe a nat-traversal problem?

0 Helpful

pstuder
Level 1
Level 1
In response to acomiskey

‎04-30-2007 05:32 PM

Well, we looked at that initially and when we enabled NAT-T on the concentrator, I was not able to connect at all. My firewall has "fixup protocol ike-esp" configured as well as "isakmp nat-traversal 20". According to the concentrator, phase 2 completes and the tunnel is up ... just not passing traffic for some reason.

0 Helpful

pstuder
Level 1
Level 1
In response to pstuder

‎05-01-2007 12:13 PM

Found the issue .. the firewall sitting in front of the concentrator did not have UDP 4500 open. Once we opened that, amazing ... it worked. RTFI.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents