Using Cisco Secure Client Ver 3.6, terminating on a PIX 515 firewall, remote clients using analogue BT lines, NTL broadband are able to connect to all network as configured over a VPN connection. However, BT ADSL users are having problems. These users connects fine with the VPN client icon showing in the taskbar. The issue is that there is no IP connectivity at all from BT ADSL users.
Routes have been double checked and the fact that other users using other access methods are able to connect to all parts of the network nullifies routing as an issue as specified in IPSEC debugging document by Cisco.
What type of ADSL is in use? If it is NAT ADSL, then PIX O/S 6.3 will be required on the PIX - this supports VPN NAT Transparency. Other than that, it may be worth checking with the ISP (BT Openworld?) to see if they are blocking any ports/protocols.
I'm assuming your users are using the standard 512K home DSL with one IP address with the USB modem.
We had a lot of customers have problems with this type of connection. We never got a decent explanation from BT as to why this happens, not really a great suprise there. We have found several "workarounds" for this though.
Use Transparent NAT, has worked with concentrators and will be on 6.3 release of PIX OS.
Connect using a DSL router instead of USB modem. Cisco routers work well enough but there's cheaper DSL routers out there. We have had a lot of success using Draytek USB devices.
Upgrade to the NONAT service and use the Ethernet router provided by BT.
I use BT ADSL (with the green Alcatel USB modem) and client version 3.6 to connect to a PIX 515. I have to use a DSL router to get the VPN connection worlking.I had intermitent problems when connecting the USB straight into the PC. I can only assume from this that BT do not block IPSec traffic, but the USB modem is causing a problem.
Incidentally, we found differing problems with different Microsoft O/S's.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...