05-08-2006 07:26 AM - edited 02-21-2020 02:24 PM
I have a user in a hotel, his laptop has been working fine on remote connections previously, he gets the padlock when he connects but no IP traffic is being passed. If he pings he gets "host unreachable". I'm thinking he is behind a hotel firewall but anything else I can check to confirm? I was going to make the newest client available to him via download (internet access works fine), he's running a 4.7 version. I've also tested his connection profile on an a test box and it worked fine.
Solved! Go to Solution.
05-08-2006 09:15 PM
mm ... if he is able to authenticate then I don't think it coulkd be blocked .. double check you are using have nat traversal enabled on your PIX ..
isakmp nat-traversal 20
I hope it helps ... please rate it if it does !!!
05-08-2006 12:48 PM
Iam affraid problem is on hotels firewall. He needs to have open UDP ports 500 a 4500 and ESP protocol (number 50)..
05-08-2006 09:15 PM
mm ... if he is able to authenticate then I don't think it coulkd be blocked .. double check you are using have nat traversal enabled on your PIX ..
isakmp nat-traversal 20
I hope it helps ... please rate it if it does !!!
05-09-2006 07:52 AM
That fixed it, thanks!
05-10-2006 07:17 AM
I have a similiar issue with 2 users who use VPN V4.0.4 for two users in Canada. They are able to authenticate into our domain but cannot access any of our servers, and network drives. They are able to gain access to other websites; just not our network resources. Will this help?
05-10-2006 09:58 AM
Update,
I was able to connect onto the machines remotely. I verified that they received our ip/dns... but could not get to our network exchange server or portal. The firewall was off and we do not run PIX on our side.
05-10-2006 09:07 PM
mmm .. are you saying that those users do or don't have cisco vpn client v.4 XX..?
Are you saying that you do or don't use a PIX to terminate those remote connections ..?
If you don't use a PIX .. what device do you use for terminating the VPN connections ..?
06-27-2007 04:05 PM
Hi have the same problem but im using a VPN3000. I not hable to put thiscommand:isakmp nat-traversal 20
07-02-2007 11:35 AM
I have a similar issue. I have a vendor that is using client 4.8.0 and has no issues connecting to our 3005 concentrator. However, when he connects to our new asa5520 (from his office) he gets a connection, but can't ping or RD to the servers. The real strange part is if he takes his laptop home, he can connect to the asa5502 and use RD to the servers. Any suggestions will be appriciated.
07-02-2007 12:02 PM
hholtzclaw, probably same issue as fernando mentioned earlier in the post. Enable nat-t.
isakmp nat-traversal or
crypto isakmp nat-traversal
07-05-2007 11:42 PM
Try adding this on your pix.
fixup protocol esp-ike
07-06-2007 01:07 AM
This explains it in more details..
http://www.ciscotaccc.com/kaidara-advisor/security/showcase?case=K18056497
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: