Firewall Wizards mailing list archives
PIX VPN Question
From: "Noonan, Wesley" <Wesley_Noonan () bmc com>
Date: Wed, 4 Jun 2003 23:33:19 -0500
All,

Having an issue with a VPN configuration for a PIX and I am missing something that I can't figure out. Here is the scenario:

VPNCLIENT-----PIX501----INET-----PIX506

VPN Client is running Cisco VPN Client 4.0.1.
PIX 506 is running 6.2(2).
PIX 501 is running 6.2(2).

I have configured the PIX 506 to support clients connecting. If I connect without the PIX501 in between the VPNCLIENT and the PIX506, it works perfectly. I connect, authenticate, can browse remote resources, can browse the internet, everything. As soon as I put the VPNCLIENT behind the PIX501 it stops being able to connect.

I have tried using it with "Enable Transport Tunneling" selected and using both "IPSec over UDP/NAT" and "IPSec over TCP" with port 10000 in use. When I set the UDP/NAT setting, I don't even see connection attempts being translated in the PIX501. If I set it to TCP I can see the translations created in the PIX501 but I don't see anything on the PIX506. Is there something I need to run on the PIX506 to configure it to expect TCP VPN connections inbound on port 10000? The PIX501 is running PAT on a single external IP address.

I have checked Cisco's website and can't find anything that details configuring a VPN through a PIX using a VPNCLIENT. I feel like I am missing something (obviously) but I can't seem to put my finger on what it is.

Any help is appreciated. Thanks.

Wes Noonan, MCSE/CCNA/CCDA/NNCSS/Security+
Senior QA Rep.
BMC Software, Inc.
(713) 918-2412
wnoonan () bmc com
http://www.bmc.com