I am new to PIXs and VPN so please forgive my evident new-ness. We recently had a VPN installed between two offices. There is a PIX 515e on each end. The site2site works fine. However, I am having problems with remote2site. I have 3 PCs at home behind a Netgear router. All three have Cisco Client 3.6 installed. WS-A is WinXPhome. WS-B is also WinXPhome. WS-C is Win98. WS-A is able to connect to Site A. WS-B is able to connect only to Site B. WS-C can connect to both sites. I recently installed XP Pro on WS-B to see if my problems were OS related. I installed the OS, updated with all the updates. I installed the VPN client and the same problems occurred. I am trying to test the whole setup prior to a rollout to other remote users. But obviously I need to find out what my true problems are.
Client side errors are IKE retransmissions and peer not responding, while at the same time the PIX side shows no connections.
Is the NetGear router doing PAT? It sounds like this might be causing your problem more than anything. Try connecting to Site A and Site B from outside this router and see if that makes a difference.
Of course this doesn't explain why the 98 PC can connect to both, but if the NetGear is screwing up the IPSec PAT, it'll depend on what current connections you have open as to where you can connect. For example, if you open a connection from WS-A to SiteA, you'll probably find that WS-B can't connect to SiteA. If you open a connection from WS-B to SiteB, then you'll probably find that WS-A can't connect to SiteB. If you don't have any connections open, you might find that WS-B can connect to both SiteA and SiteB, assuming the PAT table in the NetGear has timed out. Your test results may be flawed somewhat just by virtue of what other connections you had open and what was currently active in the NetGear's translation table.
Of course, I may also be completely wrong too, but I'd certainly try it without the NetGear in place, particularly if it's doing address translation, as NAT/PAT will quite often cause issues with IPSec.
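The behaviour the reply above predicts can be reproduced with a small model, added here as an illustration and not part of the original thread. It assumes a PAT router whose IPsec passthrough binds each remote peer to a single inside host until the entry idles out; the class name, timeout value and test sequence are constructed, not taken from any Netgear firmware.

```python
# Simplified model (assumption): ESP has no ports, so a PAT router doing
# "IPsec passthrough" cannot multiplex it and binds each remote peer to ONE
# inside host until the entry idles out. Real firmware behaviour varies.
from dataclasses import dataclass, field

IDLE_TIMEOUT = 300  # seconds; constructed value, not a real router setting


@dataclass
class PassthroughTable:
    # remote peer -> (inside host that owns the binding, time it was created)
    entries: dict = field(default_factory=dict)

    def connect(self, inside_host, peer, now):
        """Return True if inside_host can bring up a tunnel to peer at time now."""
        owner = self.entries.get(peer)
        if owner and owner[0] != inside_host and now - owner[1] < IDLE_TIMEOUT:
            # The router still associates this peer with another inside host,
            # so this client's negotiation fails (IKE retransmissions,
            # "peer not responding" on the client side).
            return False
        self.entries[peer] = (inside_host, now)
        return True


def replay(attempts):
    """Run (time, host, peer) attempts in order; return (host, peer, ok) tuples."""
    table = PassthroughTable()
    return [(host, peer, table.connect(host, peer, t)) for t, host, peer in attempts]


# Constructed sequence following the scenarios described in the reply.
ATTEMPTS = [
    (0, "WS-A", "SiteA"),      # first client to SiteA: binding created
    (10, "WS-B", "SiteA"),     # SiteA already bound to WS-A
    (20, "WS-B", "SiteB"),     # first client to SiteB: binding created
    (30, "WS-A", "SiteB"),     # SiteB already bound to WS-B
    (1000, "WS-B", "SiteA"),   # old SiteA binding has timed out
    (1010, "WS-B", "SiteB"),   # WS-B already owns the SiteB binding
]

if __name__ == "__main__":
    for host, peer, ok in replay(ATTEMPTS):
        print(f"{host} -> {peer}: {'connected' if ok else 'peer not responding'}")
```

When testing a real setup, the practical consequence is that each client should be tried with no other tunnels open and after the router's translation entries have had time to expire, or from a connection that does not pass through the router at all.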