Cisco Support Community
Community Member

VPN Soft Clinet --> PIX 501 w/3DES -->Cable Modem --> VPN 3015

VPN Client version 4.0.1(rel)

Can initiate connection to VPN Concentrator 3015. I am authenticated using an NT Domain PDC on remote network. However, I cannot browse the netwrok or access other services. Also, cannot browse Internet.

Users that connect over dial-up are not having any problems.

I have also tried the tunneling using EZ-VPN and it authenticates, but:

1. same issues as above

2. cannot browse Internet

When I connect directly to the cable modem I can get through, authernticate and access the network. What am I missing on the PIX setup?

I have two groups on the concentrator - 1 is set for "Remote Access", the other is set for "LAN-TO-LAN". For my broadband connection, I am using the L-to-L connection (however, I have tried both).

I also would like to use one of my IP 7960 Phones from my home office/network.

Cisco Employee

Re: VPN Soft Clinet --> PIX 501 w/3DES -->Cable Modem --> VPN 30

PIX only supports IPSec through PAT in 6.3 code, and only for one internal VPN client.

Upgrade the PIX to 6.3 code and enter the command:

> fixup protocol esp-ike

See for details.

Alternatively you can use the NAT-T functionality in the client and on the concentrator to automatically detect that you're going through a PAT device. The client is automatically enabled with this feature. On the concentrator, og under Config - System - Tunnelling Prots - IPSec - NAT Transparency and check the NAT-T box.

CreatePlease to create content