Cisco VPN client connects but no data

daniel
Level 1

Hi,

I have been busy for days now trying to get the Cisco VPN client to work. I administer a network with 8 PIXes, 7 501's and one 506E. They are all connected by site-to-site VPNs. For a few people I want the ability to access the 506E from home. I used to do this with PPTP but found that it was not secure enough and decided to switch to Cisco VPN client. I set up VPN client on the PIX 506E using the PDM, installed the client on my laptop and made connection. The connection is fine, only I cannot get any data through the tunnel. No ping, no RDP.

I tried about every option I could find. Switching back to PPTP gave connection again with data. Does somebody have any tips?

Thanks in advance

Daniel

18 Replies

Hi,

Don't want to sound ignorant, but before I try it, why would it help if I can make a good VPN connection without the PIX here and behind a different firewall? The problem is that my PIX doesn't let part of the protocol through; the other PIX works fine. And if I split the tunnel there I am not changing anything here.

Daniel

a-larkins
Level 1

I have seen the same problem.

Ensure that the following is configured on your system.

1. isakmp nat-traversal.

Also ensure that UDP 4500 is open as well. The VPN client when passing through a NAT device here requires this port open as well as UDP 500 and ESP.

Is sysopt connection permit-ipsec configured as well?

AAHHHH,

I don't know what those lines do exactly, but all my site-to-site LAN lines quit working. I had to take them out again and reload the PIX, then take some of them out another time to get the tunnels working again. But even set up with UDP 4500 and 500 (both configured static) and ESP open outside any to inside any, the VPN client connected but there was no data transfer.

Thanks!

Well, I finally solved the problem by searching on the internet. I post this answer here for the searchers after me. The clue is you have to put the sentence "sysopt connection permit-ipsec" in the firewall you are behind. Then put "isakmp nat-traversal 20" in the firewall you are trying to reach. Don't open any ports. It's not very logical to me, but for some reason this works.

Thanks for all your help
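
Added example, not part of the thread: a capture-side check for the "connects but no data" symptom, classifying packets by the framing the replies refer to (IKE on UDP 500, native ESP, and NAT-T on UDP 4500 as defined in RFC 3948). The packet tuples, the client ports and the names `classify` and `diagnose` are constructed for illustration.

```python
from collections import Counter

ESP, UDP = 50, 17                 # IP protocol numbers
IKE_PORT, NATT_PORT = 500, 4500

def classify(proto, sport, dport, payload=b""):
    """Label one packet summary: (IP protocol, src port, dst port, UDP payload)."""
    if proto == ESP:
        return "esp-native"       # no port numbers for a PAT device to rewrite
    if proto != UDP:
        return "other"
    ports = {sport, dport}
    if NATT_PORT in ports:
        if payload == b"\xff":
            return "natt-keepalive"          # one-octet keepalive
        if payload[:4] == b"\x00\x00\x00\x00" and len(payload) > 4:
            return "ike-natt"                # non-ESP marker, then IKE
        if len(payload) >= 8:
            return "esp-in-udp"              # non-zero SPI, then sequence number
        return "other"
    return "ike" if IKE_PORT in ports else "other"

def diagnose(packets):
    """Summarise a capture taken on the outside of the firewall."""
    seen = Counter(classify(*p) for p in packets)
    if seen["esp-in-udp"]:
        return "nat-t-data"        # data plane is flowing inside UDP 4500
    if seen["esp-native"]:
        return "native-esp-data"   # works only where no PAT sits in the path
    if seen["ike"] or seen["ike-natt"]:
        return "negotiation-only"  # client shows connected, no tunnel traffic
    return "no-ipsec"

# Constructed sample: only IKE is visible, matching the reported symptom.
BEFORE = [
    (UDP, 1025, 500, b"\x11" * 28),
    (UDP, 500, 1025, b"\x22" * 28),
]
# Constructed sample: after NAT traversal is negotiated, traffic moves to UDP 4500.
AFTER = BEFORE + [
    (UDP, 1026, 4500, b"\x00" * 4 + b"\x11" * 28),
    (UDP, 1026, 4500, b"\xff"),
    (UDP, 1026, 4500, b"\x12\x34\x56\x78" + b"\x00\x00\x00\x01" + b"\xaa" * 32),
]

if __name__ == "__main__":
    print("before:", diagnose(BEFORE))
    print("after: ", diagnose(AFTER))
```
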