VPN Client 3.1 behind PAT/FW with IPSEC to PIX 6.1

s.buskus · ‎01-10-2002

Has anyone got the vpn client to work with a pix with the client behind a firewall? It appears the client/pix will not negotiate to use esp/udp. (I have the udp box checked). So, far from what I have found on the Internet is that the client will not work with a PIX if the client is behind a FW because the PIX has to tell the client to use UDP. Is there some setting on the PIX that will tell the client to use udp?

ssvrao · ‎01-11-2002

Hi,

I am having similer problem, I can connect to the PIX fire wall from my vpn client 3.1 in the remote network, I can also ping the outside interface of PIX firewall however I can not ping iside ip address of the PIX.

thanks in advance,

regards,

RAUL

s.buskus · ‎01-11-2002

If your client is behind a firewall it will not work unless you create a static map for the client IP on the firewall. The pix does not support UDP passthrough. It would be nice to know if there are any plans for the PIX to support UDP passthrough. Otherwise the VPN client with the PIX is useless.

r.spiandorello · ‎04-12-2002

Is there any news from cisco?

Thanks Renato

HEATH FREEL · ‎04-26-2002

You can never ping the inside interface of a pix from the outside.

marcusl · ‎01-13-2002

There is afaik no way to get esp/udp to work but to use the VPN concentrator instead.

However, there is a walk-around.

It's possible to use PPTP in this scenario, PPTP is (imho) not nearly as good or useful as IPSec but it will save your a*s since you can still establish connectivity from the client behind the firewall with the exisiting equipment :-)

The reason why the UDP checkbox is even present (since it won't work) is due to the fact that it is the same client that is used with the VPN 3000 (which supports this scenario).

/M

s.buskus · ‎04-26-2002

Both the PIX and Router IOS do not support UDP pass-through. I was told by Cisco they expect the IOS 12.2.14 to have this feature. I'm not sure when PIX will support it.