I am having a problem routing packets through a VPN tunnel established with a 3.6 client through a PIX 501 to a VPN 3005. I am using IPsec over UDP (port 10000). If I use the Easy VPN server config on the PIX, everything works fine, but I don't need a LAN-to-LAN tunnel. I don't want to use split tunneling for internet access on the remote LAN, and only 1 machine needs the VPN connectivity at various times. I have opened all the necessary ports, I think. My access list looks like this:
access-list allowincoming permit udp any any
access-list allowincoming permit esp any any
access-list allowincoming permit udp any any eq isakmp
access-group allowincoming in interface outside
The tunnel comes up and authenticates fine on the client but it appears that none of the incoming packets are decrypted. I have the same config at another remote site through a PAT'ed 1605R running IOS FW with similar access-lists and it works fine.
Am I missing something? Any suggestions are greatly appreciated.
Actually, just having the nat and global interface overload command should already enable your inside client to connect and pass traffic to the concentrator. (Even without the access-list). Maybe an access-list on the inside??