08-04-2006 07:49 AM
Hi,
I wonder if there are any known problems with VPN on Cisco Pix 515E with OS 7.0(4)?
We've in a short time discovered two different customers with the exact same hardware (Cisco Pix 515E) and OS (7.0(4)) which we have two VPN related problems with. Both problems occur with both customers' equipment.
- - -
Problem 1:
Trying to communicate through VPN with servers on a network protected by a Cisco Pix 515E from a remote location fails, if the remote location is behind a firewall manufactured by Cisco (i.e. Cisco Pix 501) and the client's communication to the Internet is NAT:ed.
VPN connection up, but not possible to reach the servers through VPN:
Servers <---> Cisco Pix 515E (VPN) <---> Internet <---> I.e. Cisco Pix 501 (NAT) <---> User with Cisco VPN client
The VPN connection is accepted, authenticated and up and running according to the Cisco VPN client at the user's remote location, but no data is transported through the VPN tunnel. We've tried this with Cisco VPN client version 4.6-4.8 from different computers and two different Internet connections. The common thing with these two Internet connections at the users' remote locations is that they both are protected by some kind of Cisco firewall which performs NAT (in one of the cases, a Cisco Pix 501). The users' Cisco VPN clients are configured to use IPsec over UDP.
From the users' remote locations it is possible to establish VPN connections to other Cisco Pix devices which aren't Cisco Pix 515E with OS 7.0(4).
- - -
Problem 2:
If we use a third Internet connection, which is protected by a Linksys WRT54G broadband router (NAT), it is possible to communicate through VPN with the servers behind the Cisco Pix 515E with OS 7.0(4). This with the Cisco VPN client (version 4.8) installed on one of the computers above that couldn't communicate with these servers when connected behind i.e. a Cisco Pix 501 (NAT).
VPN Connection accepted and possible to transport data (for a short while):
Servers <---> Cisco Pix 515E (VPN) <---> Internet <---> Linksys WRT54G (NAT) <---> User with Cisco VPN client
Although the connection is used and doesn't idle, it drops after a while. It can be anything from 7 minutes to 15 minutes or less. There isn't any packet loss on the Internet connection or at the other end (where the Cisco Pix 515E can be found).
- - -
Any ideas?
We plan to try to upgrade to a newer version of the Pix OS on the Cisco Pix 515E and hope it will fix the above, but regardless of that it would be nice to know if it is a known bug and/or if it can be corrected in the configuration of the Cisco Pix 515E with OS 7.0(4). At the time of this posting, I haven't the Cisco Pix 515E's configuration available.
Thanks in advance.
Regards,
Henrik Larsson
08-04-2006 09:06 AM
I have encountered the same issue outlined in problem 1. I'm using an ASA5510 with 7.1(2) version. VPN connection is accepted, but no data traffic. Help!!!!!
08-07-2006 11:05 PM
Problem 1 was caused by a configuration error (NAT Traversal) in the Cisco Pix 515E.
Problem 2 was solved by upgrading to Pix OS 7.2.1.