08-31-2004 03:36 PM - edited 02-21-2020 01:19 PM
I am trying to establish 2 VPN groups to access 2 differing subnets behind a PIX. I am trying to do this using PDM.
If I use the wizard to set up the VPN connections, they both create 'match' access lists protecting traffic from inside-any to the relevant pool address range.
If I try to change the inside-any to one of the subnets, then the VPN client is unable to negotiate a connection, giving a 'proxy identities not supported' debug error on the PIX.
Help please, what am I doing wrong?
09-01-2004 02:17 PM
Further to my previous posting,
I have experimented with the CLI and manually tried changing the access-list defining the traffic to be encrypted. If I use 'any' as the source address and the pool as the destination the negotiation succeeds. If I change the 'any' to point to a subnet it fails as described. Is what I am trying to do possible with the VPN client?
Any help much appreciated.
12-20-2004 06:26 PM
Well, not that this is of any help to you, but I have the EXACT same problem where if I change the 'PIX/Host' end of the IPSec Rule to anything other than 'any' it fails with the 'proxy identities not supported'.
I have experienced that error when I have poorly inverted ACLs on static VPN tunnels, but I am quite perplexed as to why this is happening on dynamic VPNs.
Luke Plaizier