10-01-2004 08:34 AM - edited 02-21-2020 01:22 PM
I set up PIX with dynamic map so that remote client (workstation with Cisco VPN Client 4.6.00.0049) will work. Testing this on a Laptop with Windows 2000, where I had an internet connection outside of my outside interface of the PIX, I get the connection OK(See Atth 1, a debug of the connection). If I take my laptop to my house, where I have cable modem connection through an ISP, it also works fine. The problem is that when I load the Cisco VPN Client to my home PC, on XP with all setups the same as my laptop, it doesn't work. I don't get the popup that allows me to put in the username and password. I have a debug of the connection attempt (See Attch 2). At attch 3 is my Pix setup. Any help or suggestions are most appreciated.
10-01-2004 09:35 AM
Add the following command to your config. You run probably into a NAT-T problem.
isakmp nat-traversal 20
sincerly
Patrick
10-01-2004 07:21 PM
Thanks Patrick. I put the command in but it did not help.Any other ideas?
10-02-2004 04:05 AM
Sounds like an application problem. Have you allready reinstaled it once?
10-04-2004 03:29 PM
Yes, I have. It is really frustrating. I am wondering if being a PC on the domain makes any difference. I ask this because the Laptop that I loaded the Cisco client on is a member of the domain that I log in to. Again, if I take this laptop home and get an IP through DHCP on my little home switch/router that connects to my cable modem, I can use the client and get into my work network. But if I load the client on my home Windows XP home edition PC, if won't let me into the network. I can use my laptop and get into the pix from home and watch on debug as I try to connect from my XP workstation. So the packets make it to the Pix, but the setup of the isakmp dynamic tunnel is not made. I get messages like "No peer information found". Which I thought is the purpose of the client to create a dynamic peer with the pix. What am I doing wrong?
Thanks.
10-04-2004 05:03 PM
No, domain member or not there is no diffrence for the Cisco VPN Client.
Your setup looks like:
PC XP ---- Router ---Intenet ---- PIX --- Network
Laptop
Thats right? From your laptop it works but not from your XP PC !!
Have you Windows XP with SP2? Maybe the Firewall blocks that, add your Application to the trusted list.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide