Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
649
Views
5
Helpful
5
Replies

PIX VPN - Access/Routing Issue

snooter
Level 1
Level 1

‎12-13-2005 07:24 PM - edited ‎02-21-2020 12:35 AM

Hello

I currently have my pix515 (v.7x) acting as a vpn server. My client is on a cable connection behind it's own router/firewall.

The client can connect to the PIX vpn server just fine. It gets it's address from a pool on the pix. Once connected the client can connect to any server side (inside the pix) host/IP. It can ping everything server side as well.

My problem is, nothing on the server side (inside the pix) can ping or access any client host/resource. I don't understand cause I can connect to my pix vpn via a dial up connection, not behind any kind of router or firewall, and I can ping that host from inside the pix.

Is this a routing issue or an access issue? I'm pretty new to split tunneling, but I'm almost positive i've got that setup correctly cause everything works but Server-to-client communications..

Any advice is greatly appreciated!!

-scott

0 Helpful
5 Replies 5

spremkumar
Level 9
Level 9

‎12-14-2005 01:52 AM

Hi

Can you check whether you have windows firewall enabled in ur host which is using VPN client to get connected to the central location ??

regds

0 Helpful

snooter
Level 1
Level 1
In response to spremkumar

‎12-14-2005 06:07 AM

Windows Firewall is disabled on both ends.

0 Helpful

kevinglong
Level 1
Level 1
In response to snooter

‎12-14-2005 08:52 PM

Reminds me of a NAT traversal problem but you said client to server communications work OK.

Not familiar with v7 yet but I had to add "isakmp nat-traversal 20" to my config to allow access from behind a firewall.

Can you post a scrubbed config for a look-see?

snooter
Level 1
Level 1
In response to kevinglong

‎12-15-2005 06:55 AM

Kevin, that did it! adding the "isakmp nat-traversal 20" free'd it right up. How hard would it be for cisco to put that in the documentation??? I probably went through 30 different pages pertaining to this in cisco kb, not once did I see this command mentioned.

thanks man!

0 Helpful

kevinglong
Level 1
Level 1
In response to snooter

‎12-15-2005 02:02 PM

I suffered with the inability to tunnel back to the house for months from the office with my PIX501. Finally found the command via Google so it sticks in my mind.

The command is listed in the docs but my fresh CCNA certificate at the time didn't help me one bit as I didn't know exactly what the problem was nor where to look. Wish it was on by default.

Glad I could help.

Kevin L

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card