cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
543
Views
0
Helpful
3
Replies

Cisco VPN Client through PIX?

jasonhumes
Level 1
Level 1

Hi

I've got a PIX 501 at a remote site and a PIX535 at the head site. I can connect to the Head pix from the remote site using the Cisco VPN Client 4.0.4, yet I cannot communicate with anything. In the past I would create a static translation from the Inside VPN client to an Outside IP address. Is there any other way of doing this so that I dont have to create a static translation for each host who wants to use the vpn client. Thanks very much.

3 Replies 3

rajimish
Level 1
Level 1

Hi,

Make sure you have 6.3+ on PIX 535 with "isakmp nat-t" command in the PIX.

Thanks

Hi,

I've enabled 'isakmp nat-t' on the head pix, but I still cannot communicate with anything through the tunnel, I can connect, but cant reach anything. If I put myself outside the pix501 or make a static translation, than everything works fine. Any ideas. Thanks

When you created the static, was that done on the pix at the remote site? Is the head-end pix assigning ip addresses to remote vpn users?

Your issue may be due to the fact that the inside addresses are being nat'ed across the vpn connection when they should not be, particularly if your vpn connection uses the same dns service that non-vpn users use. The dns is unware of the nat process.