Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
653
Views
0
Helpful
3
Replies

VPN Client

p.holley
Level 1
Level 1

‎11-10-2004 10:53 AM

I have the following setup:

vpnclient------>FW1<-----vpn tunnel------->FW2

When the tunnel is down, and a vpnclient on the inside network of FW1 establishes a vpn sesion with FW2. The vpnclient connection is connected, but the vpnclient cannot ping the inside network of FW2.

If I take FW1 out of the equation and connect the vpnclient directly to the internet connection. The vpnclient is connected, and I can ping the inside ip address of FW2.

What could I be missing in my config on FW1 or FW2?

Labels:
0 Helpful
3 Replies 3

r.fang
Level 1
Level 1

‎11-10-2004 11:06 AM

I ran into same scenario before.

both vpnclient and Fw1 have same IPsec tunnel peer IP , which is outside IP of FW2.

When VPN tunnel is up between FW1 and FW2. vpnclient could not neogatiate Tunnel with FW2 anymore, this is vpnclient IPsec tunnel within another Ipsec tunnel( tunnel bwt FWs). FW2 confused.

0 Helpful

p.holley
Level 1
Level 1
In response to r.fang

‎11-11-2004 11:40 AM

Thanks. Is there no work around for this scenario? Just wandering

In your case, was the vpnclient on FW1 inside network able to reach the inside network of FW2 when the tunnel is up between FW1 and FW2

0 Helpful

andy-cole
Level 1
Level 1

‎11-11-2004 11:42 AM

Just to be clear on this, is the VPN tunnel from vpnclient 1 to FW2? If so then does FW1 run NAT?

If this is the case you will need to use NAT-T, otherwise the tunnel comes up but wont pass any data.

Andy

0 Helpful
Customers Also Viewed These Support Documents