08-05-2004 06:17 AM - edited 02-21-2020 01:16 PM
Hi All,
We are trying to make a VPN connection with a Cisco VPN client from a workstation within our network through our 515E to a remote network also protected by a Cisco firewall. When we start the VPN client the connection gets built OK, but we get no data traffic from the remote network. When we build the connection through a dialup connection we do have data traffic both ways. I think our firewall is refusing incoming traffic. How can we check this and resolve it?
Thanks for your help.
Marc Gijsman
08-05-2004 07:12 AM
Hi,
If you turn on logging on the PIX I think you'll find that the PIX is blocking ESP from the remote side peer address.
The only way I've got around this is to open ESP and IKE from the remote side peer address on your outside ACL.
Hope that helps.
08-06-2004 04:53 AM
I have to agree, I think something like:
access-list inbound permit esp any host x.x.x.x
access-list inbound permit udp any host x.x.x.x eq isakmp
where x.x.x.x is the external IP of the PIX.
How about also "isakmp nat-traversal" command as well? It might be worth looking at.
cheers
Andy
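The logging check suggested in the first reply and the access-list lines above, as an added example that is not from any poster in this thread: a small Python script that scans PIX deny messages for ESP, ISAKMP (UDP 500) and NAT-T (UDP 4500) drops from a remote peer and proposes access-list lines narrowed to that peer rather than `any`. The sample log lines are constructed and only approximate the %PIX-4-106023 format; the addresses are placeholders (192.0.2.10 stands in for the PIX outside IP).

```python
import re

# Constructed sample syslog from a PIX, approximating the %PIX-4-106023 deny format.
# 198.51.100.7 plays the remote IPsec peer, 192.0.2.10 the PIX outside interface.
SAMPLE_LOG = """\
%PIX-4-106023: Deny esp src outside:198.51.100.7 dst outside:192.0.2.10 by access-group "inbound"
%PIX-4-106023: Deny udp src outside:198.51.100.7/500 dst outside:192.0.2.10/500 by access-group "inbound"
%PIX-4-106023: Deny udp src outside:198.51.100.7/4500 dst outside:192.0.2.10/4500 by access-group "inbound"
%PIX-4-106023: Deny tcp src outside:203.0.113.9/51234 dst inside:192.0.2.10/445 by access-group "inbound"
%PIX-4-106023: Deny esp src outside:198.51.100.7 dst outside:192.0.2.10 by access-group "inbound"
"""

# Fields of a 106023 deny line; ports are optional because ESP has none.
DENY_RE = re.compile(
    r'Deny (?P<proto>\w+) src (?P<sif>\w+):(?P<src>[\d.]+)(?:/(?P<sport>\d+))?'
    r' dst (?P<dif>\w+):(?P<dst>[\d.]+)(?:/(?P<dport>\d+))?'
    r' by access-group "(?P<acl>[^"]+)"'
)

# UDP ports IPsec needs through the outside ACL: IKE (500) and NAT-T (4500).
IPSEC_UDP_PORTS = {"500": "isakmp", "4500": "4500"}


def find_ipsec_denies(log_text):
    """Return (proto, peer, pix_ip, acl, suggested_ace) for each deny that blocks IPsec."""
    findings = []
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if not m:
            continue
        proto, peer, pix_ip, acl = m["proto"], m["src"], m["dst"], m["acl"]
        if proto == "esp":
            ace = f"access-list {acl} permit esp host {peer} host {pix_ip}"
        elif proto == "udp" and m["dport"] in IPSEC_UDP_PORTS:
            port = IPSEC_UDP_PORTS[m["dport"]]
            ace = f"access-list {acl} permit udp host {peer} host {pix_ip} eq {port}"
        else:
            continue  # unrelated deny (e.g. SMB scan); leave it blocked
        findings.append((proto, peer, pix_ip, acl, ace))
    return findings


def suggested_aces(log_text):
    """Unique access-list lines, in first-seen order, to permit the blocked IPsec traffic."""
    return list(dict.fromkeys(f[4] for f in find_ipsec_denies(log_text)))


if __name__ == "__main__":
    for ace in suggested_aces(SAMPLE_LOG):
        print(ace)
```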
08-06-2004 05:24 AM
Hi,
That could possibly work also.