Cisco VPN Client to PIX through a PIX problem

Hi

I've got a PIX 515 at the central site and a PIX 501 at a remote site. I want to have a client at the remote site connect via the Cisco VPN Client to the PIX at the central site, and the problem is that I can connect but can't reach anything on the central site LAN. I've verified my crypto access-lists to be correct and I'm allowing ESP and ISAKMP to the outside of the central PIX... any ideas? Thanks

Re: Cisco VPN Client to PIX through a PIX problem

There are many possibilities for this one.

1. Check 515 for "sysopt connection permit-ipsec"

2. nat (inside) 0 access-list X and X would be:

access-list X permit ip

3. Make sure your internal routing at the 515 site is routing packets for the VPNPool to the PIX and not somewhere else.

Then on the 501 side...

1. You either need a static one-to-one NAT and allow ESP

OR

2. You need to have recent code that supports "fixup protocol esp-ike"

OR

3. Have 6.3 code on the 515 that has "isakmp nat-traversal" to encapsulate the packet in UDP Port 4500.
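
The 515-side items in the reply above can be checked against a saved configuration. The following is an added example, not part of the original reply or any Cisco tool: the config excerpt, pool name, ACL name and addresses are constructed, and it assumes the NAT exemption ACL is meant to match traffic from the inside LAN to the VPN client pool and uses the plain "network mask network mask" ACL form.

```python
import ipaddress
import re

# Constructed 515 config excerpt; names and addresses are assumptions.
SAMPLE_515 = """\
ip local pool vpnpool 192.168.50.1-192.168.50.50
access-list nonat permit ip 10.1.1.0 255.255.255.0 192.168.50.0 255.255.255.0
nat (inside) 0 access-list nonat
sysopt connection permit-ipsec
isakmp nat-traversal 20
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"  # dotted quad; 'any' and 'host' forms are not handled


def pool_range(cfg):
    """Return (first, last) address of the first 'ip local pool', or None."""
    m = re.search(r"^ip local pool \S+ (\S+)-(\S+)", cfg, re.M)
    return tuple(ipaddress.ip_address(a) for a in m.groups()) if m else None


def nat0_destinations(cfg):
    """Return destination networks of the ACL bound to 'nat (inside) 0'."""
    m = re.search(r"^nat \(inside\) 0 access-list (\S+)", cfg, re.M)
    if not m:
        return []
    pat = rf"^access-list {re.escape(m.group(1))} permit ip {IP} {IP} {IP} {IP}"
    return [ipaddress.ip_network(f"{dst}/{mask}", strict=False)
            for _src, _smask, dst, mask in re.findall(pat, cfg, re.M)]


def audit_515(cfg):
    """Report which of the reply's 515-side settings are present."""
    pool = pool_range(cfg)
    dests = nat0_destinations(cfg)
    covered = pool is not None and any(
        pool[0] in net and pool[1] in net for net in dests)
    return {
        "permit_ipsec": bool(
            re.search(r"^sysopt connection permit-ipsec\s*$", cfg, re.M)),
        "nat0_covers_pool": covered,
        # Only one of the three 501-side options in the reply needs this.
        "nat_traversal": bool(re.search(r"^isakmp nat-traversal\b", cfg, re.M)),
    }


if __name__ == "__main__":
    for check, ok in audit_515(SAMPLE_515).items():
        print(f"{check}: {'ok' if ok else 'MISSING'}")
```

Routing of the pool subnet back to the PIX (item 3) lives on the internal routers and is not visible in the PIX configuration, so it is not checked here.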
