Solved

remote peer not responding

Posted on 2004-03-30
11
522 Views
Last Modified: 2010-04-12
Hello,

I have configured a pix 515r for vpn connections. When I try to establish a connection the vpn client 3.x calls error – that remote peer is not responding. We are connected is the ISP with a leased line and a cisco 2501. The 2501 is not nat’ing; the outside interface of the pix has been assigned a registered ip.

I enabled the debug for ipsec, isakmp and engine. The pix is receiving the connection but it’s almost as if there is no route back. I have a single route on the 2501 that routes all traffic to the interface connected to the internet, ip route 0.0.0.0 0.0.0.0 serial1. the pix has a route that routes all traffic to the Ethernet interface on the 2501.

Do I need any other routes with regard to the ip pool? However if I connect my notebook directly to the outside interface of the pix with an ip address on the same range, I can establish a connection…

When trying a connection from a remote site, the sites in question are performing NAT, could this be the problem?

Thanks,
Richard
0
Comment
Question by:savannahmicro
  • 5
  • 2
  • 2
11 Comments
 
LVL 11

Accepted Solution

by:
ewtaylor earned 63 total points
ID: 10735992
The NAT could be the problem. I know with some of the earlier versions of the client it was a problem. Can you try from a non-natted ip address? If you are not already upgrade to version 3.4 and use the tcp encapsulation This will help with NAT/PAT traversiing
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 62 total points
ID: 10736863
>the sites in question are performing NAT, could this be the problem?

Yes. Their end must have a router that enables IPSEC Passthrough.
Agree with ewtaylor. Upgrading the client would help. Using Cisco VPN Client 4.0.x I have no problems
0
 

Author Comment

by:savannahmicro
ID: 10739162
Hi, thanks for the replies,
what i did was as follows:-

- upgaded the pix to 6.3(3) from 6.2 - 633 supports nat-traversal
- used the new client 4.x
- also found article on cisco site relatiing to this problem "Troubleshooting the PIX to pass Data Traffic on an Established IPSec Tunnel" - this was a valuble article.
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a008009448c.shtml

Thanks for your contributions.
0
 
LVL 11

Expert Comment

by:ewtaylor
ID: 10740381
So all is working now?
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 11

Expert Comment

by:ewtaylor
ID: 10740636
Nice to see you back lrmoore I missed ya
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 10740864
Been busy lately, thought I'd pop in once in a while..
<8-}
0
 

Author Comment

by:savannahmicro
ID: 10741135
Yip it's all working now.
Thank you.
0
 
LVL 11

Expert Comment

by:ewtaylor
ID: 10741288
No problem, glad to be of help
0
 
LVL 11

Expert Comment

by:ewtaylor
ID: 10777950
Make sure you close out the question, if you have any questions on how to do that let me know.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ACL per VPN User 12 102
TCP Connection Established 14 84
Problem connecting to MS SQL server via VPN 10 76
Purpose of Azure Gateway Subnet when creating a VPN 3 63
When you connect to your workplace's VPN, you may not notice that you are using your workplace's servers to serve up webpages.  This might be undesirable since the workplace can log all the places you've been.  It also might be very slow to load pag…
I've written this article to illustrate how we can implement a Dynamic Multipoint VPN (DMVPN) with both hub and spokes having a dynamically assigned non-broadcast multiple-access (NBMA) network IP (public IP). Here is the basic setup of DMVPN Pha…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now