Cisco VPN Client to PIX through a PIX problem

jasonhumes
Level 1

Hi

I've got a PIX 515 at the central site and a PIX 501 at a remote site. I want to have a client at the remote site connect via the Cisco VPN Client to the PIX at the central site, and the problem is that I can connect but can't reach anything on the central site LAN. I've verified my crypto access-lists to be correct and I'm allowing ESP and ISAKMP to the outside of the central PIX... Any ideas? Thanks.


jasobrown
Level 1

There are many possibilities for this one.

1. Check 515 for "sysopt connection permit-ipsec"

2. nat (inside) 0 access-list X and X would be:

access-list X permit ip

3. Make sure your internal routing at the 515 site is routing packets for the VPNPool to the PIX and not somewhere else.

Then on the 501 side...

1. You either need a static one to one NAT and allow ESP

OR

2. You need to have recent code that supports "fixup protocol esp-ike"

OR

3. Have 6.3 code on the 515 that has "isakmp nat-traversal" to encapsulate the packet in UDP Port 4500.
