Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
598
Views
0
Helpful
4
Replies

VPN Client to VPN 3000

j.rounkles
Level 1
Level 1

‎07-08-2005 12:56 PM

I have setup a connection between my employer's VPN Concentrator (3000) and my home PC (sitting behind a Pix 501)using the latest greatest Cisco VPN Client. I can connect using the Client but I do not receive any decrypted packets back. I verify this by viewing the statistics on the VPN Client. I cannot connect to any machines at work nor can I ping anything. I have my firewall setup to receive the ICMP packets back but still do not receive. As far as I can tell everything is fine on the VPN Concentrator. What am I missing or what should I be looking for on my Pix (501) at home.

Labels:
0 Helpful
4 Replies 4

ehirsel
Level 6
Level 6

‎07-08-2005 06:32 PM

Your pix at home should not see any icmp packets, or any other cleartext packets, as the ipsec vpn is from your pc to the 3000, not from the pix to the 3000. You say you can connect using the client, but what do you mean by connect - you pass user authentication, or something else?

Is there a conflict between your home lan ip address and that supplied by the 3000? You may want to disable split-tunneling on the client end, if the 3000 config is not already set to do so, to eliminate that issue from arising as you are trouble shooting this issue.

Set the 3000 up for nat-t (aka transparent tunneling) if not already done so. If you do not want to use nat-t, then on your home pix code this: fixup protocol ike-esp which would allow the pix to properly nat your ike and ipsec traffic to the 3000.

Let me know if this was of any help, or if I could help you further.

0 Helpful

j.rounkles
Level 1
Level 1
In response to ehirsel

‎07-11-2005 12:07 PM

My home IP scheme is 172.30.X.X and at work its 192.168.X.X. so I don't think its a conflict there. Here is why I think I am connecting. I open the Client and click connect, I get the authentication window which I complete. Once I click Ok it looks like is connects since the padlock show it is "locked" on the taskbar.When I display the "Statistics" on the Client; I don't know decrypt any packets.

0 Helpful

j.rounkles
Level 1
Level 1
In response to ehirsel

‎07-11-2005 12:47 PM

Here is a screen shot of the Statistics windows.

Preview file
1023 KB
0 Helpful

attrgautam
Level 5
Level 5

‎07-25-2005 08:57 PM

Try with an IP Conduit from ur PIX for the client. IPSec is a 2-way process. What is the error you are getting on the Client logging >

0 Helpful
Customers Also Viewed These Support Documents