Firewall Wizards mailing list archives

RE: Cisco Remote Access VPN Problem


From: "Paul Melson" <pmelson () gmail com>
Date: Wed, 7 Sep 2005 14:21:42 -0400

Static arp entries using the arp command won't help.  Enabling proxy-arp on
FE0/1 might.

PaulM 

-----Original Message-----
Subject: [fw-wiz] Cisco Remote Access VPN Problem

Hi Folks 

I can get the tunnel successfully established, the client successfully
authenticated with RADIUS, SAs formed and virtual IPs (from the DMZ)
assigned to the remote VPN client. There are static routes present on the 2600
to route internal network traffic to the DMZ gateway (i.e. fw), which
subsequently has rules to route this VPN traffic inside the internal
network.

...

As a workaround, I tried putting in some static ARP entries on the fw for
these virtual IPs to point to the physical DMZ interface of the VPN device. The
ensuing result was that return traffic made its way back to the VPN device,
but then couldn't get to the actual VPN client :-(


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

