PIX 515 with 6.2(1) code - Help/Advice needed.

OHITS-OPS
Level 1

I have set up VPN client access to my PIX 515 running version 6.2(1), now my problem is as follows:

When I use a PSTN dial-up connection from my laptop and then run the VPN client, I can connect to my PIX – no problem and also can access the internal network. But when I try to connect to the PIX using the same VPN client from behind another PIX (running version 6.3(4)) I cannot connect, I get a ‘peer not responding’ message on the VPN client.

Can someone please explain what I am missing here, or do I need to enable some command on the PIX which is running 6.2(1) code??

I have NAT-T enabled on my PIX with 6.3(4) code but cannot find any references to NAT-T for PIX with 6.2(1) code!! – could this be the problem, if so are there any solutions?

PS. I am using VPN client version 4.0.1 (Rel)

I really need this up and running ASAP so any help will be much appreciated. Also, I cannot upgrade the 515 to 6.3(4) as the customer does not want to!!!

Many thanks for your assistance.

7 Replies

mehrdad
Level 3

Did you implement "sysopt connection permit-ipsec" command on the PIX with 6.3(4)?

Thanks for replying, I have the ‘sysopt connection permit-ipsec’ command enabled on the 6.3(4) code PIX as I have several site-to-site VPN connections terminating on this PIX.

My problem is that, when I try to connect to my other PIX (6.2(1)) from behind the 6.3(4) code PIX using the VPN client, I cannot connect – I get the ‘peer not responding’ message.

The strange thing is that when I use a dial-up modem connection from my laptop/PC and connect to the Internet, I can run the VPN client and can make connection to my PIX with 6.2(1) code running!! But cannot do the same when behind the 6.3(4) code PIX.

Is there any command I need to set up on the PIX with 6.2(1) code, so that I can connect to it from behind the PIX with 6.3(4) code?

I am really pulling my hair out on this problem, so any help/suggestions would be very much appreciated – I do need a quick resolution to this.

Thanks for any help.

I think you have a PAT issue because the PIX 6.2 doesn't support NAT-T (isakmp nat-traversal).

I agree with you that it's a PAT related issue but is there any workaround for this? As I cannot find any documents!!

Thanks -

You can use site-to-site VPN between two PIX.

Mehrdad,

Thanks for your reply, unfortunately the customer wants access via VPN client when the customer is initiating VPN access from behind another PIX (6.3(4)) to his central PIX which is running on code 6.2(1), plus the customer does not want to upgrade his 6.2(1) PIX.

So, I am a little stuck on this issue and am looking for a workaround or documents for this problem, is there anything I can configure on the PIX with 6.2(1) running? Or is there no workaround - I'll be surprised if there isn't!!!

Thanks for all your replies.

Why don't you upgrade your Cisco PIX to support NAT-T?