
VPN Client behind a PIX

scott
Level 1

I'm trying to connect to a remote VPN via the Cisco VPN client that is behind a PIX 515 FW. If I access the VPN outside the PIX it is OK. Does anyone know how to configure the PIX so the client VPN can access a remote VPN from behind the PIX?

I have tried an access list to allow protocol 50 and UDP 500 - no change.

5 Replies

mostiguy
Level 6

Do you have any logs from the 515? Are you certain it is an IPsec VPN that is being used? Is the 515 NATting? Does the SW client normally work behind NAT?

No logs... I know that it works outside the PIX and works at home for me behind a Linksys cable/DSL router with "allow IPsec to pass-thru" enabled. NAT is turned on on the inside interface. The SW client will work behind a Novell BorderManager server w/NAT and ports UDP 500 and TCP 10000 allowed thru.

Do you have the sysopt for IPsec enabled?

I have had no trouble using the SW client from behind my PIX at home, which NATs everything to a VPN 30xx concentrator, as well as from behind one doing nat (0) thru another IPsec tunnel to another PIX to the concentrator = both NAT and no-NAT configs.

Create one static mapping for that machine on the PIX with one public IP address, and open the corresponding ports.

Regards,

Sachin

jbalzer
Level 1

I am having the same problem with the configuration of the 515. I am using a wireless laptop connection through an inside access point, then to the PIX, then through the router to the Internet. The laptop works great via T-Mobile hotspots and outside the PIX but refuses to work from inside. Any ideas as to the config parms I am missing? Also tried protocol 50 and UDP 500. Thank you in advance.
