PIX as VPN client - cannot ping through tunnel

jpstott · ‎11-19-2002

I have a PIX 506 (v6.2.2) that is set up as a hardware client to a VPN 3005 concentrator. The tunnel works fine, but the application I am using requires being able to ping and SNMP query the PIX inside address from the 3005's network (which currently I cannot accomplish). I would also like to be able to remotely manage this PIX when the tunnel is active (telnet/web).

If I use a 3002 hardware client, everything works great - I can ping, SNMP and run the web based config from the concentrator's network.

There is not much to the PIX hardware client setup (address, passwords, etc.); perhaps there is a general setting on the PIX that will open this up. I tried allowing all traffic through to no avail.

vlaxamana · ‎11-20-2002

John,

Sorry that I don't have anything to share with you. In fact, I am seeking your help. In another post you mentioned that you have an IP Phone behind a Pix 501 connecting to your VPN concentrator. I have the same setup but I am getting one way voice. The 501 is configured as a hardware client. The logon script runs when I connect however, the only computer I see when logged on to our Domain is my computer and not the rest. Everything is pingable.

What am I missing with either the VPN concentrator config or the Pix that I can call but not hear the other side?

I hope you can help me out as I can't get a straightforward explanation from Cisco TAC.

Thanks.

zcude · ‎03-12-2003

Have you set the filter for the connection to "none" to see if it works then? Might be the filter configed for the tunnel that's blocking traffic. By default ICMP goes through but not any TCP traffic.