Cisco VPN Client behind PIX Firewall


Post by Newsgu » Thu, 23 Jan 2003 13:15:18



I have a PIX firewall that I have set up to terminate VPN connections.  When
I dial up to the Internet, I can connect just fine using the Cisco VPN
Client 3.6.2.

I have another PIX firewall connected to the Internet.  I cannot access the
VPN when behind this PIX.  I have a static mapping for my ip address.  When
connecting, it prompts for authentication and authenticates, negotiates
security policies, and says "The link is secure".  However, I cannot access
anything through this connection.  I have created a conduit allowing all tcp
and udp ports through to this ip address, and it still doesn't work.  Prior
to creating the static mapping for my ip address, I couldn't even
authenticate.  Now, however, I authenticate successfully but cannot pass
traffic.  Looking at the dialer log, it appears that I am being assigned an
IP address from the pool assigned to VPN users, but I can't even ping that.

Any ideas greatly appreciated.

Brad Greig

 
 
 


Cisco VPN Client behind PIX Firewall

Post by Walter Robers » Thu, 23 Jan 2003 15:31:07



:I have another PIX firewall connected to the Internet.  I cannot access the
:VPN when behind this PIX.  I have a static mapping for my ip address.  When
:connecting, it prompts for authentication and authenticates, negotiates
:security policies, and says "The link is secure".  However, I cannot access
:anything through this connection.  I have created a conduit allowing all tcp
:and udp ports through to this ip address, and it still doesn't work.

If you are using IPSec you need *protocols* 50 and 51, as well
as UDP 500.
--
This signature intentionally left... Oh, darn!
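
The reply's point is that rules covering every TCP and UDP port still leave out other IP protocols. The following is an added example, not part of the original thread: a small Python check that reads conduit-style permit lines and reports which of UDP 500, protocol 50 and protocol 51 no rule covers. The rule text, the address 192.0.2.10 and the simplified one-line grammar are constructed assumptions, not the poster's configuration.

```python
import re

# IP protocol numbers for the protocol names used in the rules below.
PROTO_NUM = {"icmp": 1, "tcp": 6, "udp": 17, "esp": 50, "ah": 51}

# Constructed sample: the "all tcp and udp" conduits described in the question.
# 192.0.2.10 is a documentation address standing in for the static mapping.
BEFORE = """\
conduit permit tcp host 192.0.2.10 any
conduit permit udp host 192.0.2.10 any
"""
# The same rules plus the two IP protocols named in the reply.
AFTER = BEFORE + """\
conduit permit esp host 192.0.2.10 any
conduit permit ah host 192.0.2.10 any
"""

# Assumption: only the form "conduit permit <proto> host <ip> [eq <port>] any".
RULE = re.compile(r"^conduit\s+permit\s+(?P<proto>\S+)\s+host\s+(?P<ip>\S+)"
                  r"(?:\s+eq\s+(?P<port>\S+))?\s+any$")

def parse_rules(text):
    """Return (proto, host, port) per permit line; proto is a number or 'ip'."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip().lower())
        if not m:
            continue  # deny lines and forms outside the simplified grammar
        proto = m["proto"]
        if proto != "ip":  # 'ip' matches every IP protocol
            proto = PROTO_NUM.get(proto, int(proto) if proto.isdigit() else -1)
        rules.append((proto, m["ip"], m["port"]))
    return rules

def missing_for_ipsec(text, host):
    """List what IPsec needs toward `host` that no permit rule covers."""
    rules = [r for r in parse_rules(text) if r[1] == host]
    def allowed(num, ports=()):
        for proto, _, rule_port in rules:
            if proto == "ip" or (proto == num and
                                 (rule_port is None or rule_port in ports)):
                return True
        return False
    needs = [("UDP 500", 17, ("500", "isakmp")),
             ("protocol 50", 50, ()), ("protocol 51", 51, ())]
    return [name for name, num, ports in needs if not allowed(num, ports)]

if __name__ == "__main__":
    print("before:", missing_for_ipsec(BEFORE, "192.0.2.10"))
    print("after: ", missing_for_ipsec(AFTER, "192.0.2.10"))
```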