08-13-2008 11:22 AM - edited 02-21-2020 03:53 PM
I have a VPN tunnel between our PIX 515E and an ASA box at a remote location.
The VPN client says we are connected, but I cannot ping or access anything at the remote location.
When I check my ipconfig, I see that I got an IP from the ASA box at the remote location.
Funny thing is that we can ping and access the remote computers when we establish the VPN tunnel from our sister company.
Our subnet IP scheme is the same at the 3 locations.
Thanks for your time.
08-13-2008 11:29 AM
Could you clarify what type of VPN you are trying to establish? You mention a tunnel between a PIX and ASA, but you also mention the VPN client. Is this LAN-to-LAN or remote access?
08-13-2008 11:52 AM
Remote Access
08-13-2008 11:30 AM
The VPN client is connecting to which server, ASA or PIX? What is the version of PIX/ASA?
Have you enabled NAT-T? (You might need to enable it in the client as well in the Transport tab... it's enabled by default though on the client and disabled on ASA/PIX 7.x)
isakmp nat-traversal is the command to enable it on the PIX/ASA.
Regards
Farrukh
08-13-2008 11:57 AM
Farrukh is right on here. If it's not NAT-T then look at your NAT exemption config. In 7.2 and greater the command is now
crypto isakmp nat-traversal
08-18-2008 06:57 AM
I checked my config on my pix and I have the "isakmp nat-traversal" command in there.
This is what I am trying to do:
User--->Pix--->Asa---rdp to any machine in the network protected by the asa.
Thanks for your time
08-18-2008 10:41 AM
So on what port is the VPN connection established? 500 and ESP (Prot 50) or on port 4500? You can verify this by 'show conn' and by the 'show crypto isakmp/ipsec sa det' command.
Regards
Farrukh
08-18-2008 11:05 AM
On which device should I run this command?
On the pix (Client) or on the Asa (Server)?
08-18-2008 11:24 AM
The first suggestion (to enable NAT-T) is on the client. It's on the 'Transport' tab in the VPN client GUI. It's on by default, but just double check.
The second set of commands are on the firewall (Server).
Regards
Farrukh