02-09-2007 10:04 PM
Hi All, I am facing a problem with one of my branch users. Actually, branch users are not able to communicate with the Head Office server over VPN using the Cisco VPN client. At head office the VPN terminates on a Cisco router, and behind it there is a PIX firewall. At the branch office we have a PIX firewall on which we have terminated our ADSL connection, with a static public IP assigned by the ISP. Now the problem is that when I remove the PIX from the branch office and connect the ADSL directly to a PC, users are successfully connecting to the VPN and can communicate with the HO server, but when I install the PIX at the branch office they successfully connect to the VPN and get the IP from the HO Cisco router, but are not able to communicate with the HO servers, in fact with any IP at HO. Please help me, it's very urgent. I am attaching the config of the HO router, HO PIX and branch office PIX.
02-15-2007 11:33 AM
Before you can establish a VPN connection, you must have:
- At least one connection entry configured on the VPN Client
- User authentication information. This includes your username and password, and depending on the configuration of your connection entry, might also include:
  - Passwords for RADIUS authentication
  - VPN group name and password for connections to VPN devices
  - PINs for RSA Data Security
  - Digital certificates and associated passwords
- An Internet connection
02-16-2007 03:08 AM
Hi
I think the problem you have here is that the PIX 506 is doing PAT and you have no exemption for your VPN clients. You can do one of two things:
1) Enable NAT-T on your headend router.
2) Create a NAT exemption for the VPN clients on your PIX 506.
Attached is a link to a Cisco doc for troubleshooting common IPsec problems. Both solutions 1 & 2 are covered in this doc.
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml
HTH
Jon
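Added example, not part of Jon's reply or of the Cisco document: a small Python classifier for packets captured on the outside of the PAT device, showing how to tell native ESP (IP protocol 50, which has no ports for PAT to translate) from NAT-T traffic on UDP/4500 as laid out in RFC 3948. The function names and the sample packets are constructed for illustration.

```python
import struct

ESP_PROTO, UDP_PROTO = 50, 17      # IANA IP protocol numbers
IKE_PORT, NATT_PORT = 500, 4500    # IKE, and IKE/ESP over NAT-T (RFC 3947/3948)

def classify(ip_proto, src_port=None, dst_port=None, udp_payload=b""):
    """Label one packet captured on the NAT device's outside interface."""
    if ip_proto == ESP_PROTO:
        return "esp-native"            # no port numbers for PAT to translate
    if ip_proto != UDP_PROTO:
        return "other"
    ports = (src_port, dst_port)
    if NATT_PORT in ports:
        if udp_payload == b"\xff":
            return "natt-keepalive"    # one-octet keepalive, RFC 3948 sec. 2.3
        if len(udp_payload) < 8:
            return "malformed"
        if udp_payload[:4] == b"\x00" * 4:
            return "ike-natt"          # non-ESP marker, then the IKE header
        return "esp-in-udp"            # non-zero SPI: UDP-encapsulated ESP
    if IKE_PORT in ports:
        return "ike"
    return "other"

def diagnose(packets):
    """Summarise a capture of (ip_proto, src_port, dst_port, udp_payload) tuples."""
    kinds = {classify(*p) for p in packets}
    if "esp-in-udp" in kinds:
        return "natt-active"           # data plane rides UDP/4500 through PAT
    if "esp-native" in kinds:
        return "esp-without-natt"      # tunnel negotiates; PAT may not pass ESP
    if kinds & {"ike", "ike-natt"}:
        return "ike-only"              # negotiation seen, no data plane yet
    return "no-ipsec"

# Constructed sample captures (not taken from the thread's attachments).
esp = struct.pack("!II", 0x1A2B3C4D, 1) + b"\x00" * 16   # SPI, sequence, body
ike = b"\x11" * 28                                        # stand-in IKE header
BEFORE = [(UDP_PROTO, 500, 500, ike), (ESP_PROTO, None, None, b"")]
AFTER = [(UDP_PROTO, 4500, 4500, b"\x00" * 4 + ike),
         (UDP_PROTO, 4500, 4500, esp),
         (UDP_PROTO, 4500, 4500, b"\xff")]

if __name__ == "__main__":
    print("before NAT-T:", diagnose(BEFORE))
    print("after NAT-T: ", diagnose(AFTER))
```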
02-19-2007 03:09 AM
Thanks Jon,
It's working. We have enabled NAT-T at the headend router and now the PIX 506 side clients are able to access HO, but now I have another problem: other VPN clients, which were working fine before connecting this new branch, are now facing slowness. Actually, we upgraded the IOS of this headend router along with enabling NAT-T. I don't know where the problem is now.
Please help me.
Thanks
Ninja