I've been troubleshooting a problem with the PIX firewall and the Cisco Secure VPN 1.1 client for a couple of days now and it has me stumped. Here are the details:
From my Windows 98 client with the VPN adapter installed and the Cisco v 1.1 client, I connect to our PIX firewall from a remote location. The PIX forwards my AAA request to an internal TACACS box that verifies my credentials and logs me on to the network. With the default settings for the VPN adapter, I can browse my network (non-secure) and have access to the resources I need.
The Cisco v1.1 client shows in the Log viewer that the IKE fails because the initial message sent from my client does not receive a reply. If I change the settings on the VPN adapter and do NOT choose to use the default gateway on the remote network, then the IKE occurs and I can establish a secure connection. When I attempt to locate resources on my internal network in this case, I cannot ping them because the gateway on the remote network is not defined. So I either get a secure connection with no access to resources or a non-secure connection with access to resources.
Although I did not perform the PIX configuration, nothing jumps out at me as being incorrect. There is a route from the inside network to the default gateway defined in the configuration and it is correct. One other interesting observation is that the default gateway that I get when I use the "default gateway on the remote network" is the internal IP address that my PPP adapter is assigned.
Other potentially pertinent information:
The LAN adapter on my remote machine does not use DHCP but rather has a static IP and gateway configured.
The IP address that my PPP adapter is assigned is not in the local pool as defined in the PIX configuration.
Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center (http://www.cisco.com/tac) or speak with a TAC engineer. You can open a TAC case online at http://www.cisco.com/tac/caseopen
If anyone else in the forum has some advice, please reply to this thread.