11-03-2006 03:37 AM - edited 02-21-2020 02:42 PM
Hi everyone,
I am a little stuck with something. I have configured my PIX Firewall to allow ESP/AH & IKE (also through the access-list), and the computer running the VPN Client is struggling to connect (it seems to connect OK but then drops). It seems to work when I do a "permit ip any any".
So, once the VPN is established and we have the VPN IP address, does this ever get seen by the PIX?
11-03-2006 04:58 AM
Did you also permit UDP port 4500? It is used for NAT traversal.
M.
11-03-2006 05:03 AM
Hi,
Yes, UDP 4500 is also enabled.
Cheers
Wayne
11-03-2006 05:58 AM
More Info;
I am getting ICMP traffic as part of the connection? Does anyone understand what this capture is saying?
Thanks in advance
1: 13:48:00.852967 a.b.c.d.53 > 172.16.0.25.1032: udp 47
2: 13:48:00.906981 172.16.0.25.500 > w.x.y.z.500: udp 394
3: 13:48:01.017256 w.x.y.z.500 > 172.16.0.25.500: udp 286
4: 13:48:01.069149 172.16.0.25.1200 > w.x.y.z.500: udp 76
5: 13:48:01.089228 w.x.y.z.500 > 172.16.0.25.1200: udp 68
6: 13:48:01.089808 172.16.0.25.1200 > w.x.y.z.500: udp 92
7: 13:48:05.249239 w.x.y.z.500 > 172.16.0.25.1200: udp 60
8: 13:48:05.266465 w.x.y.z.500 > 172.16.0.25.1200: udp 140
9: 13:48:05.270783 172.16.0.25.1200 > w.x.y.z.500: udp 84
10: 13:48:05.330732 w.x.y.z.500 > 172.16.0.25.1200: udp 372
11: 13:48:05.422387 172.16.0.25.1200 > w.x.y.z.500: udp 324
12: 13:48:05.491612 w.x.y.z.500 > 172.16.0.25.1200: udp 52
13: 13:48:09.245501 172.16.0.25.1201 > w.x.y.z.10001: udp 124
14: 13:48:09.265016 172.16.0.25.1201 > w.x.y.z.10001: udp 76
15: 13:48:09.269471 172.16.0.25.1201 > w.x.y.z.10001: udp 196
16: 13:48:09.560090 172.16.0.25.1201 > w.x.y.z.10001: udp 84
17: 13:48:09.887847 172.16.0.25.1201 > w.x.y.z.10001: udp 76
18: 13:48:09.981623 172.16.0.25.1201 > w.x.y.z.10001: udp 124
19: 13:48:10.731651 172.16.0.25.1201 > w.x.y.z.10001: udp 124
20: 13:48:11.481649 172.16.0.25.1201 > w.x.y.z.10001: udp 124
21: 13:48:12.231936 172.16.0.25.1201 > w.x.y.z.10001: udp 124
22: 13:48:12.263032 172.16.0.25.1201 > w.x.y.z.10001: udp 196
23: 13:48:12.544130 172.16.0.25.1201 > w.x.y.z.10001: udp 84
24: 13:48:12.981653 172.16.0.25.1201 > w.x.y.z.10001: udp 124
25: 13:48:13.731712 172.16.0.25.1201 > w.x.y.z.10001: udp 124
26: 13:48:14.481679 172.16.0.25.1201 > w.x.y.z.10001: udp 124
27: 13:48:15.232257 172.16.0.25.1201 > w.x.y.z.10001: udp 124
28: 13:48:15.232776 172.16.0.25.1201 > w.x.y.z.10001: udp 124
29: 13:48:15.263078 172.16.0.25.1201 > w.x.y.z.10001: udp 196
30: 13:48:15.981699 172.16.0.25.1201 > w.x.y.z.10001: udp 124
31: 13:48:15.981806 172.16.0.25.1201 > w.x.y.z.10001: udp 124
32: 13:48:16.731712 172.16.0.25.1201 > w.x.y.z.10001: udp 124
33: 13:48:16.731788 172.16.0.25.1201 > w.x.y.z.10001: udp 124
34: 13:48:17.481817 172.16.0.25.1201 > w.x.y.z.10001: udp 124
35: 13:48:17.481908 172.16.0.25.1201 > w.x.y.z.10001: udp 124
36: 13:48:18.232806 172.16.0.25.1201 > w.x.y.z.10001: udp 188
37: 13:48:18.233126 172.16.0.25.1201 > w.x.y.z.10001: udp 204
38: 13:48:18.559770 172.16.0.25.1201 > w.x.y.z.10001: udp 84
39: 13:48:19.731743 172.16.0.25.1201 > w.x.y.z.10001: udp 188
40: 13:48:21.231845 172.16.0.25.1201 > w.x.y.z.10001: udp 188
41: 13:48:22.731758 172.16.0.25.1201 > w.x.y.z.10001: udp 188
42: 13:48:23.000900 w.x.y.z.500 > 172.16.0.25.1200: udp 76
43: 13:48:23.001815 172.16.0.25.1200 > w.x.y.z.500: udp 68
44: 13:48:30.599044 172.16.0.25.1200 > w.x.y.z.500: udp 76
45: 13:48:30.620985 w.x.y.z.500 > 172.16.0.25.1200: udp 68
46: 13:48:30.621092 w.x.y.z.500 > 172.16.0.25.1200: udp 76
47: 13:48:30.621351 172.16.0.25 > w.x.y.z: icmp: 172.16.0.25 udp port 1200 unreachable
48: 13:48:30.621397 172.16.0.25 > w.x.y.z: icmp: 172.16.0.25 udp port 1200 unreachable
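
One way to read the capture in the post above, as an added example that is not part of the original thread: the Python below tallies UDP packets per flow in each direction, lists flows that only ever carry traffic one way, and collects ICMP messages. The sample lines are a subset copied from the capture; the function names and the `inside` parameter are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Subset of the capture lines posted above (w.x.y.z is the poster's redaction).
SAMPLE = """\
2: 13:48:00.906981 172.16.0.25.500 > w.x.y.z.500: udp 394
3: 13:48:01.017256 w.x.y.z.500 > 172.16.0.25.500: udp 286
4: 13:48:01.069149 172.16.0.25.1200 > w.x.y.z.500: udp 76
5: 13:48:01.089228 w.x.y.z.500 > 172.16.0.25.1200: udp 68
13: 13:48:09.245501 172.16.0.25.1201 > w.x.y.z.10001: udp 124
14: 13:48:09.265016 172.16.0.25.1201 > w.x.y.z.10001: udp 76
15: 13:48:09.269471 172.16.0.25.1201 > w.x.y.z.10001: udp 196
42: 13:48:23.000900 w.x.y.z.500 > 172.16.0.25.1200: udp 76
43: 13:48:23.001815 172.16.0.25.1200 > w.x.y.z.500: udp 68
47: 13:48:30.621351 172.16.0.25 > w.x.y.z: icmp: 172.16.0.25 udp port 1200 unreachable
"""

# "<n>: <time> <src> > <dst>: udp <len>"  or  "... <src> > <dst>: icmp: <text>"
LINE = re.compile(r"^\s*\d+:\s+\S+\s+(\S+) > (\S+): (udp|icmp)\b:?\s*(.*)$")

def summarize(capture, inside):
    """Count UDP packets per flow in each direction, seen from host `inside`."""
    flows = defaultdict(lambda: [0, 0])  # key -> [sent by inside, received by inside]
    icmp = []
    for raw in capture.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        src, dst, proto, rest = m.groups()
        if proto == "icmp":
            icmp.append((src, dst, rest))
            continue
        s_host, _, s_port = src.rpartition(".")  # address and port are dot-joined
        d_host, _, d_port = dst.rpartition(".")
        if s_host == inside:
            flows[(s_port, d_host, d_port)][0] += 1
        elif d_host == inside:
            flows[(d_port, s_host, s_port)][1] += 1
    return dict(flows), icmp

def one_way(flows):
    """Flows (inside port, peer, peer port) that carried packets in one direction only."""
    return sorted(k for k, (out, inn) in flows.items() if out == 0 or inn == 0)

if __name__ == "__main__":
    flows, icmp = summarize(SAMPLE, "172.16.0.25")
    for key, (out, inn) in sorted(flows.items()):
        print(key, "out:", out, "in:", inn)
    print("one-way:", one_way(flows))
    print("icmp:", icmp)
```

On this subset the only one-way flow is 172.16.0.25 port 1201 to w.x.y.z port 10001, which matches the full capture, where lines 13 to 41 are all outbound with no reply.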