04-25-2005 01:16 AM - edited 02-21-2020 01:44 PM
Hi,
I have a VPN3000 behind a firewall. I enabled the required TCP/UDP/IP ports. For dial-ups, I am able to establish the VPN tunnel. Works fine.
However, when I tried to connect from another site using broadband behind a PIX firewall, I can't establish.
Someone in this forum advised me to configure NAT-T in the VPN3000, which I did, but still, it can't work.
Another person explained that there is no way to establish a VPN tunnel behind a firewall (if I used IPSec) unless I use SSL. However, there is no SSL option in the Cisco VPN Client V.4.0(1).
Therefore, what can I do to establish the tunnel, and are there any firewall rules that I should enable at the client side?
Thank you very much.
Rgds
04-25-2005 02:25 AM
hello chewshk
You need to enable some rules on your client firewall (which has broadband). You need to open UDP 500 & UDP 4500, IP 50/51 to make this work.
Once you open these, you will be able to connect to the VPN 3000.
let us know if this works...
Raj
04-28-2005 11:14 PM
Hi Raj,
I have enabled those ports that you mentioned on the inside-to-outside interface, using the port numbers at the destination port. But it still cannot work.
When connecting to the VPN Concentrator, I didn't even get the message "Connecting to gateway x.x.x.x".
Were my firewall rules applied correctly?
Rgds
04-29-2005 01:32 AM
On the client, you should select "Transparent Tunneling" using tcp or udp, the default is mostly OK. You probably have done this already.
The PIX must allow IP access to the outside, not just tcp/udp.
On the VPN3000 side, you must permit VPN connections using NAT-T, which I assume to be in fact Transparent Tunneling. Unfortunately, I do not know how this can be achieved. On a PIX you must enter the line:
isakmp nat-traversal 20
I do not know if this is the same on the vpn3000.
Still hope to put you in the right direction.
Regards,
Leo
05-03-2005 06:39 PM
Hi Leo,
Thanks. I tried inserting this command into the PIX but there is no such command. Is there anything else I need to enable before this command is valid?
The PIX version I'm using is 6.2(2).
Rgds
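The rules Raj and Leo describe, written out as a PIX 6.x outbound access list for the firewall in front of the VPN Client. This is an added example, not configuration posted by anyone in the thread: the interface name `inside`, the ACL name `inside_out`, the client subnet 192.168.1.0/24 and the concentrator address 203.0.113.10 are placeholders. The last line covers the client's "IPSec over TCP" transparent-tunneling mode, whose default port is 10000; it is only needed if that mode is selected instead of UDP.

```cisco
! Added example (assumptions: interface/ACL names, addresses). Not from the thread.
! IKE (ISAKMP) on UDP 500
access-list inside_out permit udp 192.168.1.0 255.255.255.0 host 203.0.113.10 eq isakmp
! NAT-T / IPSec over UDP (transparent tunneling) on UDP 4500
access-list inside_out permit udp 192.168.1.0 255.255.255.0 host 203.0.113.10 eq 4500
! Native ESP (IP 50) and AH (IP 51) - only usable if the client is not behind PAT
access-list inside_out permit esp 192.168.1.0 255.255.255.0 host 203.0.113.10
access-list inside_out permit ah 192.168.1.0 255.255.255.0 host 203.0.113.10
! Optional: client set to "IPSec over TCP", default port 10000
access-list inside_out permit tcp 192.168.1.0 255.255.255.0 host 203.0.113.10 eq 10000
! Apply to traffic entering the inside interface (inside-to-outside direction)
access-group inside_out in interface inside
```

Two points to check when it still fails. First, if the PIX translates the client with PAT (a single outside address), plain ESP cannot be port-translated, so the client and concentrator must agree on UDP encapsulation (Transparent Tunneling over UDP on the client, NAT-T enabled on the VPN3000); permitting IP 50/51 alone does not help in that case. Second, `isakmp nat-traversal` configures NAT-T for IPsec tunnels that the PIX itself terminates, which is why it is absent on a pass-through firewall running 6.2(2); it appeared with PIX 6.3. `show access-list` on the PIX shows per-line hit counts, so a zero count on the UDP 500 line means the client's IKE packets are not reaching the rule at all, which matches the missing "Connecting to gateway" message.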