Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
296
Views
0
Helpful
1
Replies

CVPN Public interface "NATed" behind à PIX Firewall

tounkara
Level 1
Level 1

‎05-18-2005 10:03 AM

I use a CVPN3000 behind a PIX Firewall (the Public interface is statically 'NATed').

I try to establish a VPN session via Internet using a Cisco VPN Client : I indicate the NATed IP address of the CVPN3000 as the VPN Server.

I have this error message :

7 18:03:11.149 05/18/05 Sev=Info/5 IKE/0x6300002F

Received ISAKMP packet: peer = <real ip @ of the CVPN3000 public interface>

8 18:03:11.149 05/18/05 Sev=Warning/2 IKE/0xE3000099

Packet is received from unknown peer (IKE_MAIN:286)

15 18:03:23.497 05/18/05 Sev=Info/4 IKE/0x63000017

Marking IKE SA for deletion (I_Cookie=E42AAB6B9A8892B4 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

So the reason is that the CVPN3000 respond to the IKE Nego using its real IP @.

What is the solution?

PS : I have to keep the real address and do NAT because I have other VPN connections using this real address.

Labels:
0 Helpful
1 Reply 1

mostiguy
Level 6
Level 6

‎05-18-2005 10:31 AM

Is the vpn client configured to use nat traversal or udp encapsulation? What version is the client?

0 Helpful
Customers Also Viewed These Support Documents