Re: Pix v6.3.3 and VPN Client 4.0.4(D) problem

accraig · ‎07-12-2004

With my setup for the VPN Client, if a dial-up with my windows machine I can connect to the Pix, Authenticate and gain access to my internal network.

However from home I connect via ISDN through my 1603 and I am running NAT overload to my bri address. When I use my VPN Client I can connect to the Pix and authenticate, however I see that my packets that get encrypted aren't received by the Pix. It basically looks like the tunnel is established correctly but there is no data transfer.

What can I look at to see why my traffic isn't getting there.

accraig · ‎07-13-2004

Scenario: Trying the same as above but from behind another Pix ......better logging than the router ;)

In addition to this I have been playing around. I have noticed that it seems with the IPSec/UDP enabled in the client somehow ESP isn't being encapsulated. The initial connection to the Pix is and once I'm authenticated and try and ping a device on the internal network my Pix picks up the following:

portmap translation creation failed for protocol 50 src my inside addy to the remote Pix addy.

This leads me to believe that the IPSec/UDP aint working.

Is there anything in addition on the Pix I have have to do for this?

I need to be able to use the VPN Client from behind any NAT device.

federico_caminos · ‎07-14-2004

Hi

Try the following command on the pix side , be advised this requires version 6.3.3

isakmp nat-traversal

regards

FEC