Known problems with VPN in Pix OS 7.0(4) running on a Cisco Pix 515E?
I wonder if there are any known problems with VPN on Cisco Pix 515E with OS 7.0(4)?
In a short time, we've discovered two different customers with the exact same hardware (Cisco Pix 515E) and OS (7.0(4)) with which we have two VPN-related problems. Both problems occur with both customers' equipment.
- - -
Trying to communicate through VPN with servers on a network protected by a Cisco Pix 515E from a remote location fails if the remote location is behind a firewall manufactured by Cisco (i.e. Cisco Pix 501) and the client's communication to the Internet is NATed.
VPN connection up, but not possible to reach the servers through VPN:
Servers <---> Cisco Pix 515E (VPN) <---> Internet <---> I.e. Cisco Pix 501 (NAT) <---> User with Cisco VPN client
The VPN connection is accepted, authenticated and up and running according to the Cisco VPN client at the user's remote location, but no data is transported through the VPN tunnel. We've tried this with Cisco VPN client version 4.6-4.8 from different computers and two different Internet connections. The common thing with these two Internet connections at the users' remote locations is that they both are protected by some kind of Cisco firewall which performs NAT (in one of the cases, a Cisco Pix 501). The users' Cisco VPN clients are configured to use IPsec over UDP.
From the users' remote locations it is possible to establish VPN connections to other Cisco Pix devices which aren't Cisco Pix 515E with OS 7.0(4).
- - -
If we use a third Internet connection, which is protected by a Linksys WRT54G broadband router (NAT), it is possible to communicate through VPN with the servers behind the Cisco Pix 515E with OS 7.0(4). This with the Cisco VPN client (version 4.8) installed on one of the computers above that couldn't communicate with these servers when connected behind i.e. a Cisco Pix 501 (NAT).
VPN Connection accepted and possible to transport data (for a short while):
Servers <---> Cisco Pix 515E (VPN) <---> Internet <---> Linksys WRT54G (NAT) <---> User with Cisco VPN client
Although the connection is used and doesn't idle, it drops after a while. It can be anything from 7 minutes to 15 minutes or less. There isn't any packet loss on the Internet connection or at the other end (where the Cisco Pix 515E can be found).
- - -
We plan to try to upgrade to a newer version of the Pix OS on the Cisco Pix 515E and hope it will fix the above, but regardless of that it would be nice to know if it is a known bug and/or if it can be corrected in the configuration of the Cisco Pix 515E with OS 7.0(4). At the time of this posting, I haven't the