I've been troubleshooting a problem with the PIX firewall and the Cisco Secure VPN 1.1 client for a couple of days now and it has me stumped. Here are the details:
From my Windows 98 client with the VPN adapter installed and the Cisco v 1.1 client, I connect to our PIX firewall from a remote location. The PIX forwards my AAA request to an internal TACACS box that verifies my credentials and logs me on to the network. With the default settings for the VPN adapter, I can browse my network (non-secure) and have access to the resources I need.
The Cisco v1.1 client shows in the Log viewer that the IKE fails because the initial message sent from my client does not receive a reply. If I change the settings on the VPN adapter and do NOT choose to use the default gateway on the remote network, then the IKE occurs and I can establish a secure connection. When I attempt to locate resources on my internal network in this case, I cannot ping them because the gateway on the remote network is not defined. So I either get a secure connection with no access to resources or a non-secure connection with access to resources.
Although I did not perform the PIX configuration, nothing jumps out at me as being incorrect. There is a route from the inside network to the default gateway defined in the configuration and it is correct. One other interesting observation is that the default gateway that I get when I use the "default gateway on the remote network" is the internal IP address that my PPP adapter is assigned.
Other potentially pertinent information:
The LAN adapter on my remote machine does not use DHCP but rather has a static IP and gateway configured.
The IP address that my PPP adapter is assigned is not in the local pool as defined in the PIX configuration.
Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center (http://www.cisco.com/tac) or speak with a TAC engineer. You can open a TAC case online at http://www.cisco.com/tac/caseopen
If anyone else in the forum has some advice, please reply to this thread.