Cisco Support Community
New Member

VPN Client 3.1 behind PAT/FW with IPSEC to PIX 6.1

Has anyone got the VPN client to work with a PIX with the client behind a firewall? It appears the client/PIX will not negotiate to use ESP/UDP (I have the UDP box checked). So far, what I have found on the Internet is that the client will not work with a PIX if the client is behind a FW, because the PIX has to tell the client to use UDP. Is there some setting on the PIX that will tell the client to use UDP?

6 REPLIES
New Member

Re: VPN Client 3.1 behind PAT/FW with IPSEC to PIX 6.1

Hi,

I am having a similar problem. I can connect to the PIX firewall from my VPN client 3.1 in the remote network, and I can also ping the outside interface of the PIX firewall; however, I cannot ping the inside IP address of the PIX.

thanks in advance,

regards,

RAUL

New Member

Re: VPN Client 3.1 behind PAT/FW with IPSEC to PIX 6.1

If your client is behind a firewall it will not work unless you create a static map for the client IP on the firewall. The PIX does not support UDP passthrough. It would be nice to know if there are any plans for the PIX to support UDP passthrough. Otherwise the VPN client with the PIX is useless.

New Member

Re: VPN Client 3.1 behind PAT/FW with IPSEC to PIX 6.1

Is there any news from Cisco?

Thanks Renato

New Member

Re: VPN Client 3.1 behind PAT/FW with IPSEC to PIX 6.1

You can never ping the inside interface of a PIX from the outside.

New Member

Re: VPN Client 3.1 behind PAT/FW with IPSEC to PIX 6.1

There is afaik no way to get ESP/UDP to work but to use the VPN concentrator instead.

However, there is a workaround.

It's possible to use PPTP in this scenario. PPTP is (imho) not nearly as good or useful as IPSec, but it will save your a*s since you can still establish connectivity from the client behind the firewall with the existing equipment :-)

The reason why the UDP checkbox is even present (since it won't work) is due to the fact that it is the same client that is used with the VPN 3000 (which supports this scenario).

/M

New Member

Re: VPN Client 3.1 behind PAT/FW with IPSEC to PIX 6.1

Both the PIX and Router IOS do not support UDP pass-through. I was told by Cisco they expect the IOS 12.2.14 to have this feature. I'm not sure when PIX will support it.
