cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
352
Views
0
Helpful
2
Replies

Cisco VPN Client - accessing multiple subnets behind PIX

alan.morris
Level 1
Level 1

I am trying to establish 2 VPN groups to access 2 differing subnets behind a pix. I am trying to do this using PDM.

If I use the wizard to set up the VPN connections they both create 'match access lists protecting traffic from inside-any to the relevant pool address range.

If I try and change the inside-any to one of the subnets, then the VPN client is unable to negotiate a connection giving a 'proxy identities not supported' debug error on the pix.

Help please, what am I doing wrong?

2 Replies 2

alan.morris
Level 1
Level 1

Further to my previous posting,

I have experimented with the CLI and manually tried changing the access-list defining the traffic to be encrypted. If I use 'any' as the source address and the pool as the destination the negotiation succeeds. If I change the 'any' to point to a subnet it fails as described. Is what I am trying to do possible with the VPN client?

Any help much appreciated.

Well, not that this is of any help to you, but I have the EXACT same problem where if I change the 'PIX/HOst' end of the IPSec Rule to anything other than 'any' it fails with the 'proxy identities not supported'.

I have experienced that error when I have poorly inverted ACL's on static VPN tunnels, but I am quite perpelexed as to why this is happening on dyanamic vpn's.

Luke Plaizier