Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX 501 IPSEC ESP(50) HOW TO

Hello,

I searched the forum, but didn't find anything on this topic, so I apologize if this has been covered before.

This PIX 501 was already configured when I came on board here, and I'm having trouble configuring it to allow us to connect to an offsite VPN server with one of our internal VPN clients behind the firewall.

I was given a list of ports that had to be opened, and I have opened all those on the PIX (I think), but the error I am getting when trying to log into the VPN server indicates that IKE authentication is not going through.

This is supposed to take place via IPSEC ESP(50). How do I enable that on the PIX 501?

I have attached the running config.

Thanks in advance for any help.

2 REPLIES
Silver

Re: PIX 501 IPSEC ESP(50) HOW TO

What kind of device are these clients connecting to ?

Is this device behind a NAT/PAT device ?

Is a PPTP client in front of the PIX (or at any other location) able to connect ?

New Member

Re: PIX 501 IPSEC ESP(50) HOW TO

Not sure exactly what kind of servers are on the other end. Yes, other clients can connect to the VPN, just not the clients behind this PIX.

I just spent a couple hours on the phone with a cisco tech and he says that IPSEC esp(50) will not work with my current configuration because I am using PAT.

He suggested getting an extra public ip from our ISP and doing a static to one machine and then the client on that one machine could connect to the remote VPN servers. Problem is I need the client on 5 machines behind the PIX.

I am sure there must be a workaround, (other than just opening the firewall completely).

274
Views
0
Helpful
2
Replies
CreatePlease to create content