Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

problem with VPN connection from VPN client to HO PIX

HI All, I am facing a problem with one of my branch users. Actaully branch users are not able to communicate with Head Office server over vpn using cisco VPN client. At head office vpn is terminating on cisco router & behind it there is PIX firewall. at branch office we have PIX firewall on which we have terminated our ADSL connection with static public ip assigned by ISP. Now the problem is that when i remove the PIX from branch office & connect the adsl directly to a PC users r successfully connecting to VPN & can communicate to HO server but when I install PIX at branch office then they successfuly connect to vpn, get the IP from HO cisco router but not able to communicate with HO servers infect any IP at HO. Please help me its very urgent. I am attaching the config of HO-Router,HO-PIX & branch office PIX.

3 REPLIES
Bronze

Re: problem with VPN connection from VPN client to HO PIX

Before you can establish a VPN connection, you must have:

At least one connection entry configured on the VPN Client

User authentication information. This includes your username and password, and depending on the configuration of your connection entry, might also include:

Passwords for RADIUS authentication

VPN group name and password for connections to VPN devices

PINs for RSA Data Security

Digital certificates and associated passwords

An Internet connection

Hall of Fame Super Blue

Re: problem with VPN connection from VPN client to HO PIX

Hi

I think the problem you have here is that the Pix 506 is doing PAT and you have no exemption for your VPN clients. You can do one of two things

1) Enable NAT-T on your headend router.

2) Create a NAT exemption for the VPN clients on your Pix506.

Attached is a link to a Cisco doc for troublshooting common IPsec problems. Both solutions 1 & 2 are covered in this doc.

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml

HTH

Jon

New Member

Re: problem with VPN connection from VPN client to HO PIX

Thanks Jon,

Its working. We have enabled NTA-T at head end router now PIX 506 side client are able to access HO but now I have another problem, problem is other vpn client is now facing slowness which were working fine before connecting this new branch.Actually we upgrade the IOS of this headend router along with enabling NAT-T. I dont know where is the problem now.

please help me.

Thanks

Ninja

112
Views
0
Helpful
3
Replies
CreatePlease login to create content