08-27-2007 10:43 AM - edited 02-21-2020 03:14 PM
We've got several remote locations with PIX 501s. I want to be able to access with the desktop client (on XP Pro) from anywhere. The problem occurs when I'm behind another PIX: authentication seems to work fine, the gold lock icon locks and I get an IP address on the remote LAN. However, I can't ping or access resources on either the remote or the local LAN. When I'm not behind a PIX, everything works fine. I've got "sysopt connection permit-ipsec" & "isakmp nat-traversal" enabled.
08-31-2007 12:10 PM
The reason you are not able to access resources on the remote LAN is that the PIX does not redirect traffic, so the tunnel will get set up but the traffic will not flow. In your case, when you connect a VPN client to a PIX behind another PIX, the first PIX does not redirect the traffic to the second PIX, and so you do not get connectivity to the remote LAN. The PIX cannot be configured to redirect the VPN traffic. The reason you are not able to get access to the local LAN, which is probably behind the first PIX, is that the tunnel is to the second PIX, and this PIX will not redirect the traffic to the first PIX.
09-01-2007 08:39 AM
No problem, I figured this out. We needed "isakmp nat-traversal" on the remote PIX (with VPN configured), not the local one.