11-13-2002 07:02 AM - edited 02-20-2020 10:22 PM
We have a Pix 515. We want to VPN into other customers with the 3.62 client. The IPSec connection completes but we cannot ping or access any hosts on the remote network. Is there anything that needs to be done on the pix to allow this? I am using NAT for the hosts that need to do this so I have a static mapping between a priv and pub address.
11-15-2002 05:41 PM
Are you getting encrypts on your client? Do you know if you're getting decrypts and/or encrypts on the remote pix? Finding this out will help figure out which side the problem is on. You will need an access-list on your pix permitting esp from the remote network to your static public ip address.
Kurtis Durrett
11-15-2002 07:18 PM
Kurtis,
Interesting. I will have to check this out on Monday. I'll let you know. Thanks!
11-18-2002 01:47 PM
What did you find out?
11-27-2002 12:50 PM
Kurtis,
The ESP did it! Thank you very much!!! I did an access-list out permit esp any any.
I really appreciate it!
Sincerely,
Alex
11-15-2002 11:04 PM
If you're PATing it will not work. You must have a one-to-one NATed address in order to be able to vpn from the inside going out through pix. If your customer has a vpn concentrator he could set it up to allow ipsec through tcp and that would work fine.
11-16-2002 05:34 AM
I'm definitely doing NAT.