Cisco VPN Client - accessing multiple subnets behind PIX

alan.morris
Level 1

I am trying to establish 2 VPN groups to access 2 differing subnets behind a PIX. I am trying to do this using PDM.

If I use the wizard to set up the VPN connections they both create 'match' access lists protecting traffic from inside-any to the relevant pool address range.

If I try and change the inside-any to one of the subnets, then the VPN client is unable to negotiate a connection, giving a 'proxy identities not supported' debug error on the PIX.

Help please, what am I doing wrong?


alan.morris
Level 1

Further to my previous posting,

I have experimented with the CLI and manually tried changing the access-list defining the traffic to be encrypted. If I use 'any' as the source address and the pool as the destination the negotiation succeeds. If I change the 'any' to point to a subnet it fails as described. Is what I am trying to do possible with the VPN client?

Any help much appreciated.

Well, not that this is of any help to you, but I have the EXACT same problem where if I change the 'PIX/Host' end of the IPSec Rule to anything other than 'any' it fails with the 'proxy identities not supported'.

I have experienced that error when I have poorly inverted ACLs on static VPN tunnels, but I am quite perplexed as to why this is happening on dynamic VPNs.

Luke Plaizier