10-17-2006 07:42 AM
Hi,
I have been busy for days now trying to get the Cisco VPN client to work. I administer a network with 8 PIXes, 7 501s and one 506E. They are all connected by site-to-site VPNs. For a few people I want the ability to access the 506E from home. I used to do this with PPTP but found that it was not secure enough and decided to switch to Cisco VPN client. I set up VPN client on the PIX 506E using the PDM, installed the client on my laptop and made a connection. The connection is fine, only I cannot get any data through the tunnel. No ping, no RDP.
I tried about every option I could find. Switching back to PPTP gave connection again with data. Does somebody have any tips?
Thanks in advance
Daniel
10-19-2006 02:18 AM
Hi,
Don't want to sound ignorant, but before I try it, why would it help if I can make a good VPN connection without the PIX here and behind a different firewall? The problem is that my PIX doesn't let part of the protocol through, the other PIX works fine. And if I split the tunnel there I am not changing anything here.
Daniel
10-19-2006 05:37 AM
I have seen the same problem.
Ensure that the following is configured on your system.
1. isakmp nat-traversal.
Also ensure that UDP 4500 is open as well. The VPN client when passing through a NAT device here requires this port open as well as UDP 500 and ESP.
Is sysopt connection permit-ipsec configured as well?
10-19-2006 07:59 AM
AAHHHH,
I don't know what those lines do exactly but all my site-to-site LAN lines quit working. I had to take them out again and reload the PIX, take some of them out another time to get the tunnels working again. But even set up with UDP 4500 and 500 (both configured static) and ESP open outside any to inside ANY, the VPN client connected but no data transfer.
Thanks!
10-25-2006 12:55 AM
Well, I finally solved the problem searching on the internet. I post this answer here for the searchers after me. The clue is you have to put the sentence "sysopt connection permit-ipsec" in the firewall you are behind. Then put "isakmp nat-traversal 20" in the firewall you are trying to reach. Don't open any ports, it's not very logical to me, but for some reason this works.
Thanks for all your help
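Added example, not written by anyone in this thread: a small classifier for UDP 4500 payloads using the RFC 3948 NAT-T framing, to check from a capture whether a "connected but no data" tunnel is actually carrying encapsulated ESP in both directions. The function names, direction labels and sample datagrams are assumptions constructed for illustration.

```python
import struct

def classify_natt_payload(payload: bytes) -> str:
    """Classify the UDP payload of a port-4500 datagram (RFC 3948 framing)."""
    if payload == b"\xff":
        return "nat-keepalive"      # single 0xFF octet keeps the NAT mapping alive
    if len(payload) < 4:
        return "malformed"
    if payload[:4] == b"\x00" * 4:
        return "ike"                # non-ESP marker: IKE floated from UDP 500 to 4500
    if len(payload) < 8:
        return "malformed"          # ESP needs at least SPI + sequence number
    return "esp-in-udp"             # non-zero SPI: encapsulated tunnel data

def diagnose(datagrams) -> str:
    """datagrams: iterable of (direction, payload), direction 'out' or 'in'."""
    seen = {"out": set(), "in": set()}
    for direction, payload in datagrams:
        seen[direction].add(classify_natt_payload(payload))
    if "ike" not in seen["out"] | seen["in"]:
        return "NAT-T not negotiated"
    esp_out = "esp-in-udp" in seen["out"]
    esp_in = "esp-in-udp" in seen["in"]
    if esp_out and esp_in:
        return "data flowing both ways"
    if esp_out or esp_in:
        return "tunnel up, ESP one-way only"
    return "tunnel up, no ESP seen"

def esp(spi: int, seq: int) -> bytes:
    """Build a constructed ESP-in-UDP payload: SPI, sequence number, dummy body."""
    return struct.pack("!II", spi, seq) + b"\x00" * 16

# Constructed capture as seen from the client: IKE completes, data leaves, nothing returns.
SAMPLE = [
    ("out", b"\x00" * 4 + b"constructed-ike"),
    ("in", b"\x00" * 4 + b"constructed-ike"),
    ("out", b"\xff"),
    ("out", esp(0x1A2B3C4D, 1)),
    ("out", esp(0x1A2B3C4D, 2)),
]

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

A "one-way only" result points at a device on the return path dropping the encapsulated traffic rather than at the client or the IKE negotiation.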