10-06-2004 07:07 AM - edited 02-21-2020 01:22 PM
Hello,
I've a problem with a VPN connection established with a VPN concentrator and a Pix.
The VPN concentrator is a 3005 with 4.1.4 software version.
The Pix is a 501 with 6.3.4 software version.
The Pix is configured as a VPN client with Network Extension Mode(it's behind a non-manageable router) and NAT-T is enabled in the VPN concentrator.
The VPN tunnel is successfully established by the Pix.
There is however a problem: if I monitor the VPN session on the VPN conc side, the "Assigned IP address" (menu Monitoring -> Sessions) stay "N/A" for about ten hours. Then, it takes the value of the private network of the LAN inside the Pix. Moreover, when it's "N/A" , I can only ping the pix via the vpn conc and vice versa. No other machines on the LAN behind the vpnconc can reach the machines on the pix protected lan (and vice versa). When the value "Assigned IP Address" becomes the ip address of the private pix protected LAN, all works perfectly. It seems like that in the first phase, the VPN Concentrator doesn't know what is the subnet of the remote LAN.
But I cannot explain why there is that delay...
Thanks for your precious attention.
10-12-2004 11:52 AM
Try adding a Static route on the concentrator to the PIX.
10-25-2004 06:01 AM
Sorry, but what next hop must I specify?
Thanks.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide