11-30-2006 04:35 AM
I have configured a client-to-PIX VPN for a PIX 515 E, and authentication is being done by an ACS (TACACS+) server. I am able to connect to the VPN (getting the IP from the VPN pool given in the PIX), but I am not able to access any LAN system, while the ACS server is in the LAN only and authentication is happening. I am not even able to ping the VPN client PC from the PIX while connected to the VPN. I am able to browse from the VPN-connected system. Please guide what's wrong.
12-06-2006 08:22 AM
Check you have enabled the "sysopt ipsec pl-compatible" command in the PIX.
Try these links for more info:
http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_tech_note09186a00801b7615.shtml
http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_tech_note09186a0080194b4a.shtml
12-06-2006 10:27 PM
Hi,
If you are connected, that basically means the authentication part is good and you are having issues routing the traffic across the VPN Tunnel.
Where are you connecting the VPN Client from? Is the VPN client behind a PAT device?
Once you are connected, try pinging a valid IP address on the remote side, then right-click on the VPN icon and look up the connection status. Do you see packets encrypted?
Also, can you post the PIX configuration, removing all sensitive data?
Regards,
Arul
** Please rate all helpful posts **
12-07-2006 09:50 PM
The VPN Client logs when connected are as below:
I am not able to ping the client host from the PIX. In the client statistics, no packets are received, only sent, and only encryption. Local LAN Disabled and Trans Tunnel Inactive.
Cisco Systems VPN Client Version 4.6.03.0021
Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 2
Config file directory: C:\Program Files\Cisco Systems\VPN Client
1 11:06:26.875 12/08/06 Sev=Warning/2 CVPND/0xE3400013
AddRoute failed to add a route: code 87
Destination 192.168.1.255
Netmask 255.255.255.255
Gateway 192.168.10.1
Interface 192.168.10.1
2 11:06:27.015 12/08/06 Sev=Warning/2 CM/0xA3100024
Unable to add route. Network: c0a801ff, Netmask: ffffffff, Interface: c0a80a01, Gateway: c0a80a01.
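The two warnings in the log above report the same route, once in dotted form (CVPND) and once as hex (CM). As an added example, not part of the original thread or of any Cisco tool, this Python code parses those entries and decodes the hex fields so the two reports can be matched; the function names are hypothetical and the field layout is assumed from these two entries only.

```python
import ipaddress
import re
# Entries 1 and 2 copied from the log posted above.
SAMPLE_LOG = """\
1 11:06:26.875 12/08/06 Sev=Warning/2 CVPND/0xE3400013
AddRoute failed to add a route: code 87
Destination 192.168.1.255
Netmask 255.255.255.255
Gateway 192.168.10.1
Interface 192.168.10.1
2 11:06:27.015 12/08/06 Sev=Warning/2 CM/0xA3100024
Unable to add route. Network: c0a801ff, Netmask: ffffffff, Interface: c0a80a01, Gateway: c0a80a01.
"""
HEADER = re.compile(r"^(\d+)\s+\S+\s+\S+\s+Sev=(\w+)/\d+\s+(\w+)/(0x[0-9A-Fa-f]+)$")
DOTTED = re.compile(r"^(Destination|Netmask|Gateway|Interface)\s+(\d+(?:\.\d+){3})$")
HEXED = re.compile(r"(Network|Netmask|Interface|Gateway): ([0-9a-fA-F]{8})\b")

def parse_entries(text):
    """Split the log into entries, each starting at a numbered header line."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        if (m := HEADER.match(line)):
            entries.append({"seq": int(m[1]), "severity": m[2],
                            "module": m[3], "msg_id": m[4], "body": []})
        elif entries and line:
            entries[-1]["body"].append(line)
    return entries

def route_of(entry):
    """Return the route an entry mentions as {field: IPv4Address}, or {}."""
    route = {}
    for line in entry["body"]:
        if (m := DOTTED.match(line)):
            route[m[1].lower()] = ipaddress.IPv4Address(m[2])
        for name, hexval in HEXED.findall(line):
            route[name.lower()] = ipaddress.IPv4Address(int(hexval, 16))  # big-endian hex
    if "network" in route:  # CM says "Network" where CVPND says "Destination"
        route["destination"] = route.pop("network")
    return route

def failed_routes(text):
    """Map each route reported as not added to the entry numbers reporting it."""
    grouped = {}
    for e in parse_entries(text):
        r = route_of(e)
        if e["severity"] == "Warning" and {"destination", "netmask", "gateway"} <= r.keys():
            key = tuple(str(r[k]) for k in ("destination", "netmask", "gateway"))
            grouped.setdefault(key, []).append(e["seq"])
    return grouped
```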