Re: client VPN Question

peter.saldanha · ‎06-18-2005

Hi

I have set up a pix to pix static to dynamic VPN and also client VPN and it works very well.

But I am facing one problem. Due to some reason my server is in the dynamic site of VPN tunnel. Now when remote vpn client is connected to static end of the tunnel, it cannot ping to dynamic end where my server is located. I have already given access list in both firewall for end to end connection netween remote vpn client subnet to my server subnet. Please help how do I resolve this.

sachinraja · ‎06-18-2005

hi peter,

am really not sure what is static & dynamic ends .... are u referring to inside & outside interfaces ?? do you have any reference diagram or configs?? are you sure you are nonatting the traffic ?

please mail me at raja_ccie@yahoo.com, if required...

Raj

peter.saldanha · ‎06-18-2005

Hi Raj

I am referring dynamic and static ends for outside interfaces of the firewall. One side is ADSL through which I am having dynamic IP address and other side is leased line by which I have a fixed IP from ISP. I have done nonatting at both firewalls. Do I need to do any additional configurations at the firewalls for passing VPN client traffic to my dynamic connection end of the tunnel.

sachinraja · ‎06-18-2005

peter,

are the static and dynamic tunnels terminating on different interfaces of pix ?? please give us more info on this.. please note that icmp redirect cannot be done on the pix.. so if the static & dynamic tunnels are on the same interface, you cannot route between them...

Raj