Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
227
Views
0
Helpful
2
Replies

VPN Client to PIX Problem dosent work from behind another PIX

jcleary
Level 1
Level 1

‎10-07-2003 08:27 AM - edited ‎02-21-2020 12:48 PM

When I try to use the VPN Client from behind a nokia or checkpoint firewall to another PIX it works fine. From behind a PIX it fails. All firewalls are doing PAT. It only works on a PIX if i create a static NAT translation to the device initiating the connection and allow IP any any to it (I know its very insecure but it was just for testing)

Any ideas??

Labels:
0 Helpful
2 Replies 2

jasobrown
Level 1
Level 1

‎10-07-2003 11:20 AM

It is hard to say what is happening without seeing the devices and the configurations. I have had to configure one to one nats in Checkpoints for this to work as well. One way that you could get around doing this is to use the isakmp nat traversal in the terminating pix and allow UDP 4500 thru PixA to PixBand you would not have a problem.

Regards,

Jason

0 Helpful

a.macaluso
Level 1
Level 1

‎10-08-2003 06:22 PM

Upgrade to 6.3 on the pix and add the following:

fixup protocol esp-ike

This will eliminate the need for the static NAT

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents