Cisco Support Community

New Member

VPN Interoperability

I am trying to configure a laptop workstation using the Sonicwall VPN client (also written by SafeNet) to access a private network behind a Sonicwall DMZ, through an internet VPN, from another private network behind a Cisco PIX 515 firewall running a NAT. I think that the VPN client is able to secure a connection because the "key" graphic appears in the VPN client tray icon, but I cannot get any (MS Exchange) mail replication to work; nor can I ping anything inside the destination network. I know the VPN client and the replication themselves work, because when I try the VPN connection at home (using the very same laptop workstation), using a cable internet service, I can achieve replication successfully, and can also ping inside the destination network. I'm thinking that I need to add some configuration to the PIX to allow the destination network to communicate to the VPN enabled laptop, but I'm not sure what that configuration is, or if that's even the case. Do I have to add a static mapping, in the PIX, to provide a public IP mapped to the laptop workstation running the VPN client that is using a private static IP? If so, what conduit commands should I include to allow the access of the protocols and through what ports?

New Member

Re: VPN Interoperability

NAT transparency is not supported on the PIX (unlike on the Cisco 3000).

There is no transparency of ESP and IKE protocols through the PIX.

Seems like you need a static defined and an access list entry permitting traffic through UDP port 500.

The use of access-lists (in addition to the already existing static and conduit support) also got added in version 6.0 on the PIX.

It's best you actually got a manual from your A.M to look into it specifically.

Sunil Wadwani

Cisco TME
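
A sketch of the static plus access-list configuration the reply above describes, as an added example that is not part of the original thread or taken from Cisco documentation. It assumes PIX 6.x syntax and the interface names `inside` and `outside`; all addresses are constructed placeholders, the ACL name `acl_outside` is hypothetical, and the ESP entry is an added assumption based on the reply's note that ESP does not pass through the PIX transparently.

```cisco
: Constructed placeholder addresses (not from the thread):
:   10.1.1.50      laptop running the VPN client (private, static)
:   192.0.2.10     public address mapped one-to-one to the laptop
:   198.51.100.1   public address of the remote SonicWall

: One-to-one translation so the remote gateway always sees the
: laptop as the same public address.
static (inside,outside) 192.0.2.10 10.1.1.50 netmask 255.255.255.255

: Permit IKE (UDP port 500) from the remote gateway only.
access-list acl_outside permit udp host 198.51.100.1 host 192.0.2.10 eq isakmp

: Permit ESP (IP protocol 50) from the remote gateway only.
access-list acl_outside permit esp host 198.51.100.1 host 192.0.2.10

: Bind the list to inbound traffic on the outside interface.
access-group acl_outside in interface outside
```

Scoping both entries to the single remote gateway and the single mapped address keeps the laptop from being exposed to the rest of the internet through the static.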
