02-11-2005 06:55 AM - edited 02-21-2020 01:36 PM
The tunnel is established and I am seeing traffic being transmited and encrypted but nothing received.
Anyone know if this a routing issue or a config issue on the PIX running 3.3.
Thanks
Pat
02-11-2005 11:02 AM
Pat,
I'm guessing you are running 6.3.3. :)
If so, make sure you have the command "isakmp nat-traversal" configured on your PIX. This will allow the PIX to detect the use of NAT on the client end and encapsulate the VPN tunnel into UDP packets.
Steve
02-12-2005 01:18 PM
Indeed you must be using PIX 6.3.3... :-)
One good practice to test if you have routing issues is to enable:
management-access inside
this will give you the chance to ping the inside of the PIX while connected with the VPN client, if you are able to ping then the VPN is working fine, otherwise make sure you do isakmp nat-travesal suggestion above.
If you are able to ping the inside of the PIX but nothing beyond then you are facing either a routing issue or a problem with your crypto acls.
Please send the output of the "show crypto ipsec sa" while doing a continuous ping to the host you are trying to reach.
Finally make sure you have the "sysopt connection permit-ipsec" command on your PIX config.
my two cents...
Frank
02-13-2005 07:23 PM
I would also check that the vpn gateway also hands out the proper dns and wins server info to the client, as well as the dns domain name.
02-17-2005 05:01 AM
Sorry, I posted at the wrong messege
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide