Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi all,I have a ASA 5510 configured for L2TP/IPSec VPN. The L2TP/IPSec VPN clients will get their address from a DHCP server on the inside network. This part works fine, the clients get an address. What they don't get is the DHCP options I specified ...
Hi all,I am working on a site-to-site VPN but I can't get it to work properly. My VPN-endpoint is a PIX515 running OS version 6.3(3) (upgrading to 7 is no option because memory is not sufficient) and the other endpoint is a CheckPoint firewall. The c...
Hi all, I have an ASA5510 which serves as an DHCP relay for L2TP/IPSec VPN Clients. The VPN clients connect to a CVPN3005 concentrator on one off the dmz segments on the ASA. The concentrator then does a DHCP request for the client to an DHCP server ...
I have a PIX VPN hub and spoke configuration and I want to let the spokes communicate with eachother. In the documentation it says "The two outlying networks are not able to communicate with each other by going through the central PIX because the PIX...
I have a PIX VPN hub and spoke configuration and I want to let the spokes communicate with eachother. In the documentation it says "The two outlying networks are not able to communicate with each other by going through the central PIX because the PIX...
Thnx for the reply.I have configured access-lists but that didn't help. Also in the logs of the PIX i don't see any drops of packets.Any other ideas?Regards, Frank
Thanx for the reply!However in our config the ASA only acts as a DHCP relay. It passes DHCP requests from the CVPN3005 on a DMZ interface to a DHCP server on the inside network.The vpn-addr-assign command is, as far as I know, only used when client V...
Hi,Split tunneling opens a backdoor to your protected network via the VPN client so care must be taken.I had a similar configuration problem with 3000 series VPN concentrators. The concentrators now work as dhcprelay to an DHCP server on the inside n...
Hi,IPSec uses the ESP IP protocol (not port) and UDP port 500 (isakmp) and might use the AH IP protocol.If you use Nat-T then you need UDP port 500 (isakmp) and UDP port 4500 (originally UDP port 10000). With Nat-T there is no need for the ESP and AH...
Hi,Might have something to with the selected authentication protocols on the IAS server. See http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2030/products_configuration_example09186a00806de37e.shtmlAlso, you have to enable dial-in for the ...
