Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

Cisco VPN behind Pix 515

We have a Pix 515. We want ot VPN into other customers with the 3.62 client. The IPSec connection completes but we cannot ping or access any hosts on the remote network. Is there anything that needs to be done on the pix to allow this? I am using NAT for the hosts that need to do this so I have a static mapping between a priv and pub address.

6 REPLIES
New Member

Re: Cisco VPN behind Pix 515

Are you getting encrypts on your client? Do you know if your getting decrypts/and or encrypts on the remote pix? Finding this out will help figure out which side the problem is on. You will need an access-list on your pix permiting esp from the remote network to your static public ip address.

Kurtis Durrett

New Member

Re: Cisco VPN behind Pix 515

Kurtis,

Interesting. I will have to check this out on Monday. I'll let you know. Thanks!

New Member

Re: Cisco VPN behind Pix 515

What did you find out?

New Member

Re: Cisco VPN behind Pix 515

Kurtis,

The ESP did it! Thank you very much!!! I did a access-list out permit esp any any.

I really appreciate it!

Sincerely,

Alex

New Member

Re: Cisco VPN behind Pix 515

If your PATing it will not work. You must have a one to one nated address in order to be able to vpn from the inside going out through pix. If you customer has a vpn concentrator he could set it up to allow ipsec through tcp and that would work fine.

New Member

Re: Cisco VPN behind Pix 515

I'm definitely doing NAT.

253
Views
0
Helpful
6
Replies
CreatePlease to create content