Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

remote peer not responding

Posted on 2004-03-30
11
Medium Priority
?
529 Views
Last Modified: 2010-04-12
Hello,

I have configured a pix 515r for vpn connections. When I try to establish a connection the vpn client 3.x calls error – that remote peer is not responding. We are connected is the ISP with a leased line and a cisco 2501. The 2501 is not nat’ing; the outside interface of the pix has been assigned a registered ip.

I enabled the debug for ipsec, isakmp and engine. The pix is receiving the connection but it’s almost as if there is no route back. I have a single route on the 2501 that routes all traffic to the interface connected to the internet, ip route 0.0.0.0 0.0.0.0 serial1. the pix has a route that routes all traffic to the Ethernet interface on the 2501.

Do I need any other routes with regard to the ip pool? However if I connect my notebook directly to the outside interface of the pix with an ip address on the same range, I can establish a connection…

When trying a connection from a remote site, the sites in question are performing NAT, could this be the problem?

Thanks,
Richard
0
Comment
Question by:savannahmicro
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
  • 2
11 Comments
 
LVL 11

Accepted Solution

by:
ewtaylor earned 252 total points
ID: 10735992
The NAT could be the problem. I know with some of the earlier versions of the client it was a problem. Can you try from a non-natted ip address? If you are not already upgrade to version 3.4 and use the tcp encapsulation This will help with NAT/PAT traversiing
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 248 total points
ID: 10736863
>the sites in question are performing NAT, could this be the problem?

Yes. Their end must have a router that enables IPSEC Passthrough.
Agree with ewtaylor. Upgrading the client would help. Using Cisco VPN Client 4.0.x I have no problems
0
 

Author Comment

by:savannahmicro
ID: 10739162
Hi, thanks for the replies,
what i did was as follows:-

- upgaded the pix to 6.3(3) from 6.2 - 633 supports nat-traversal
- used the new client 4.x
- also found article on cisco site relatiing to this problem "Troubleshooting the PIX to pass Data Traffic on an Established IPSec Tunnel" - this was a valuble article.
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a008009448c.shtml

Thanks for your contributions.
0
Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

 
LVL 11

Expert Comment

by:ewtaylor
ID: 10740381
So all is working now?
0
 
LVL 11

Expert Comment

by:ewtaylor
ID: 10740636
Nice to see you back lrmoore I missed ya
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 10740864
Been busy lately, thought I'd pop in once in a while..
<8-}
0
 

Author Comment

by:savannahmicro
ID: 10741135
Yip it's all working now.
Thank you.
0
 
LVL 11

Expert Comment

by:ewtaylor
ID: 10741288
No problem, glad to be of help
0
 
LVL 11

Expert Comment

by:ewtaylor
ID: 10777950
Make sure you close out the question, if you have any questions on how to do that let me know.
0

Featured Post

Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes, you want your microsoft VPN to route all the traffic to the remote network. Usually your employer network. This makes it possible to access all the nodes inside this remote LAN, even if they have no "public DNS" entries. To do so, you wo…
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question