Firewall Wizards mailing list archives
Re: Cisco VPN Client Behind a Cisco PIX or Router
From: james <james () jdfogg com>
Date: 01 Sep 2004 15:16:09 -0400
On Wed, 2004-09-01 at 12:42, Al Cooper wrote:
> I have configured a Cisco VPN Client (4.6.00) to connect to a Cisco PIX 515E [6.3(3)]. The VPN works great except when the VPN client is behind another PIX or a Cisco router. If the VPN client is behind a PIX or a Cisco router, I can make the initial connect fine but I cannot pass any traffic (pings time out and protocols do not connect). If I am behind my Linux (IPCop) firewall or at a hotel (unknown firewall, probably a cable modem) I do not have a problem. I can connect and pass traffic.
I have run into this also; it has to do with the PIX not having an IPSec proxy. I did get some help once but never got it to run. As I recall, you need to allow IP port 50 inbound through the PIX that is shielding the client. Someone clued me in to why the solution may not have worked for me: I had random sequence numbers enabled, and that will break IPSec.