Firewall Wizards mailing list archives

RE: Cisco VPN Client Behind a Cisco PIX or Router

From: "Melson, Paul" <PMelson () sequoianet com>
Date: Wed, 1 Sep 2004 15:01:28 -0400

First, the 515E that the VPN client connects to should probably have
'isakmp nat-traversal' set.  That might take care of it right there.
Also, if the PIX that the VPN client sits behind has a global NAT
assigned to 'interface outside', consider creating a separate NAT
address on the outside subnet for global NAT to use.  (This won't be
possible if you only have a single IP address available, like in a SOHO
/ residential setup.)

PaulM

-----Original Message-----
I have configured a Cisco VPN Client (4.6.00)  to connect to
a Cisco PIX 
515E [6.3(3)].  The VPN works great except when the VPN 
client is behind 
another PIX or a Cisco router.   If the VPN client behind a 
PIX or a Cisco 
router I can make the initial connect fine but I cannot pass 
any traffic 
(pings time out and protocols do not connect).

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Cisco VPN Client Behind a Cisco PIX or Router Al Cooper (Sep 01)
- Re: Cisco VPN Client Behind a Cisco PIX or Router james (Sep 01)
  - Re: Cisco VPN Client Behind a Cisco PIX or Router UCX Foe (Sep 02)
- <Possible follow-ups>
- Re: Cisco VPN Client Behind a Cisco PIX or Router Al Cooper (Sep 01)
- RE: Cisco VPN Client Behind a Cisco PIX or Router Melson, Paul (Sep 01)