Cisco Support Community
Community Member

Remote VPN on PIX 515 problem...


I have a problem with my PIX firewall.

I configured a Remote VPN server by the ASDM wizard. It was my first try in configuring such type of service.

Now, when i try to connect to PIX from the outside (using Cisco VPN client for windows and GPRS connection), VPN session starts perfectly, i mean that client gets IP from the pool, and in routing table i have all needed routes. But pinging of any IP in the private network fails.

Split tunneling is off, but i can still ping PIX `outside` interface from the WEB.

In ASDM monitoring i can see Remote VPN session, but can't ping external host.


Re: Remote VPN on PIX 515 problem...

Hello Mikhail,

Go over this link.

But pinging of any IP in the private network fails

Enable NAT-T

PIX/ASA 7.1 and earlier

pix(config)#isakmp nat-traversal 20

PIX/ASA 7.2(1) and later

securityappliance(config)#crypto isakmp nat-traversal 20

As for ICMP outbound you probably need couple of things to do.

ICMP inspection, go over this link for allowing ICMP outbound.

AS for VPN Network be able to go out internet traffic or ping outbound it will go out same interface it came, so you need same sec intra interface command statement in firewall and nat (outside) rule.

e.i - to PAT your VPN network using outside interface #1

same-security-traffic permit intra-interface

nat (outside) 1

Go over this link

If issues let us know


Community Member

Re: Remote VPN on PIX 515 problem...

Thanx... but now I've discovered another problem

First off all, all woks fine... Probably the First faults were because something was wrong with Cisco VPN-Client. I've downloaded another one ant it works fine, even without NAT-T. I am using GPRS connection and I think that NAT isn't so necessary.

But all works fine only in Windows. When I'm trying to use Linux Cisco VPN client system crashes.

While connection establishes all goes fine, system gets IP addres from the pool, in /etc/resolv.conf appears nameserver and domain, but if I try to connect with any host in private network system freezes and only power button helps.

CreatePlease to create content