
Known problems with VPN in Pix OS 7.0(4) running on a Cisco Pix 515E?

henriklarsson
Level 1

Hi,

I wonder if there are any known problems with VPN on Cisco Pix 515E with OS 7.0(4)?

In a short time, we've discovered two different customers with the exact same hardware (Cisco Pix 515E) and OS (7.0(4)) with which we have two VPN-related problems. Both problems occur with both customers' equipment.

- - -

Problem 1:

Trying to communicate through VPN with servers on a network protected by a Cisco Pix 515E from a remote location fails if the remote location is behind a firewall manufactured by Cisco (e.g. Cisco Pix 501) and the client's communication to the Internet is NATed.

VPN connection up, but not possible to reach the servers through VPN:

Servers <---> Cisco Pix 515E (VPN) <---> Internet <---> E.g. Cisco Pix 501 (NAT) <---> User with Cisco VPN client

The VPN connection is accepted, authenticated and up and running according to the Cisco VPN client at the user's remote location, but no data is transported through the VPN tunnel. We've tried this with Cisco VPN client version 4.6-4.8 from different computers and two different Internet connections. The common thing with these two Internet connections at the users' remote locations is that they are both protected by some kind of Cisco firewall which performs NAT (in one of the cases, a Cisco Pix 501). The users' Cisco VPN clients are configured to use IPsec over UDP.

From the users' remote locations it is possible to establish VPN connections to other Cisco Pix devices which aren't Cisco Pix 515E with OS 7.0(4).

- - -

Problem 2:

If we use a third Internet connection, which is protected by a Linksys WRT54G broadband router (NAT), it is possible to communicate through VPN with the servers behind the Cisco Pix 515E with OS 7.0(4). This is with the Cisco VPN client (version 4.8) installed on one of the computers above that couldn't communicate with these servers when connected behind e.g. a Cisco Pix 501 (NAT).

VPN Connection accepted and possible to transport data (for a short while):

Servers <---> Cisco Pix 515E (VPN) <---> Internet <---> Linksys WRT54G (NAT) <---> User with Cisco VPN client

Although the connection is used and doesn't idle, it drops after a while. It can be anything from 7 minutes to 15 minutes or less. There isn't any packet loss on the Internet connection or at the other end (where the Cisco Pix 515E can be found).

- - -

Any ideas?

We plan to try to upgrade to a newer version of the Pix OS on the Cisco Pix 515E and hope it will fix the above, but regardless of that it would be nice to know if it is a known bug and/or if it can be corrected in the configuration of the Cisco Pix 515E with OS 7.0(4). At the time of this posting, I haven't the Cisco Pix 515E's configuration available.

Thanks in advance.

Regards,

Henrik Larsson

2 Replies

sorinbadea
Level 1

I have encountered the same issue outlined in problem 1. I'm using an ASA5510 with version 7.1(2). The VPN connection is accepted, but no data traffic. Help!!!!!

henriklarsson
Level 1

Problem 1 was caused by a configuration error (NAT Traversal) in the Cisco Pix 515E.

Problem 2 was solved by upgrading to Pix OS 7.2.1.