Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1545
Views
0
Helpful
4
Replies

VPN Client Connection - Hong Kong to USA

Go to solution
jaycaruso
Level 1
Level 1

‎08-04-2005 04:37 AM

We have a PIX 515E with VPN enabled. Users in the USA have no problem connecting with the VPN client.

However, we have a user in Hong Kong who is having problems. He can connect to the outside interface and establish the connection. The user is assigned an IP address from the reserve pool, but cannot connect to our server here in the states or even ping any of the internal ip addresses.

Is there any other config that needs to be done?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
jmia
Level 7
Level 7
In response to jaycaruso

‎08-04-2005 06:07 AM

Yes, in config mode do:

isakmp nat-traversal

save with: write mem - and your done.

Now get your user in HK to establish the VPN client connection and try and ping an internal server on your side. And make sure that the MS XP firewall is disabled.

Let me know how you get on and if this does resolve your problem please rate post as other might be looking for the same solution!!

Jay

View solution in original post

0 Helpful
4 Replies 4

Go to solution
jmia
Level 7
Level 7

‎08-04-2005 05:15 AM

Is your user at HK using an XP box, if so try disabling the built in XP firewall.

Also, is this user behind a NAT device? if so, enable on your PIX 515 (in config mode):

isakmp nat-traversal

You can also get your user to enable logging on the VPN client - set the logging level to HIGH and ask him/her to re-connect and observe the client log, you could post this here and we'll take a look for you.

Hope this helps a little let me know how get on.

Jay

0 Helpful

Go to solution
jaycaruso
Level 1
Level 1
In response to jmia

‎08-04-2005 06:00 AM

Hi Jay -

Thanks for the quick reply. I smacked myself in the head when I saw your suggestion about the XP firewall. I should have known that.

They are behind a NAT device. Forgive my ignorance, but I am not an expert on configuring the PIX. Is that one one line all I need to enter? IE

config t

isakmp nat-traversal

quit

write mem

Anything else? Does the PIX need to be restarted after making that change?

Thanks for the help. If none of this works, I'll get them to enable the logging to see what the situation is.

Jay

0 Helpful

Go to solution
jmia
Level 7
Level 7
In response to jaycaruso

‎08-04-2005 06:07 AM

Yes, in config mode do:

isakmp nat-traversal

save with: write mem - and your done.

Now get your user in HK to establish the VPN client connection and try and ping an internal server on your side. And make sure that the MS XP firewall is disabled.

Let me know how you get on and if this does resolve your problem please rate post as other might be looking for the same solution!!

Jay

0 Helpful

Go to solution
jaycaruso
Level 1
Level 1
In response to jmia

‎08-05-2005 04:05 AM

Jay -

Many thanks for your help. The isakmp nat-traversal configuration resolved the issue.

Thanks again!

JC

0 Helpful
Customers Also Viewed These Support Documents