Solved

remote peer not responding

Posted on 2004-03-30
11
525 Views
Last Modified: 2010-04-12
Hello,

I have configured a pix 515r for vpn connections. When I try to establish a connection the vpn client 3.x calls error – that remote peer is not responding. We are connected is the ISP with a leased line and a cisco 2501. The 2501 is not nat’ing; the outside interface of the pix has been assigned a registered ip.

I enabled the debug for ipsec, isakmp and engine. The pix is receiving the connection but it’s almost as if there is no route back. I have a single route on the 2501 that routes all traffic to the interface connected to the internet, ip route 0.0.0.0 0.0.0.0 serial1. the pix has a route that routes all traffic to the Ethernet interface on the 2501.

Do I need any other routes with regard to the ip pool? However if I connect my notebook directly to the outside interface of the pix with an ip address on the same range, I can establish a connection…

When trying a connection from a remote site, the sites in question are performing NAT, could this be the problem?

Thanks,
Richard
0
Comment
Question by:savannahmicro
  • 5
  • 2
  • 2
11 Comments
 
LVL 11

Accepted Solution

by:
ewtaylor earned 63 total points
ID: 10735992
The NAT could be the problem. I know with some of the earlier versions of the client it was a problem. Can you try from a non-natted ip address? If you are not already upgrade to version 3.4 and use the tcp encapsulation This will help with NAT/PAT traversiing
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 62 total points
ID: 10736863
>the sites in question are performing NAT, could this be the problem?

Yes. Their end must have a router that enables IPSEC Passthrough.
Agree with ewtaylor. Upgrading the client would help. Using Cisco VPN Client 4.0.x I have no problems
0
 

Author Comment

by:savannahmicro
ID: 10739162
Hi, thanks for the replies,
what i did was as follows:-

- upgaded the pix to 6.3(3) from 6.2 - 633 supports nat-traversal
- used the new client 4.x
- also found article on cisco site relatiing to this problem "Troubleshooting the PIX to pass Data Traffic on an Established IPSec Tunnel" - this was a valuble article.
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a008009448c.shtml

Thanks for your contributions.
0
Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

 
LVL 11

Expert Comment

by:ewtaylor
ID: 10740381
So all is working now?
0
 
LVL 11

Expert Comment

by:ewtaylor
ID: 10740636
Nice to see you back lrmoore I missed ya
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 10740864
Been busy lately, thought I'd pop in once in a while..
<8-}
0
 

Author Comment

by:savannahmicro
ID: 10741135
Yip it's all working now.
Thank you.
0
 
LVL 11

Expert Comment

by:ewtaylor
ID: 10741288
No problem, glad to be of help
0
 
LVL 11

Expert Comment

by:ewtaylor
ID: 10777950
Make sure you close out the question, if you have any questions on how to do that let me know.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

When you connect to your workplace's VPN, you may not notice that you are using your workplace's servers to serve up webpages.  This might be undesirable since the workplace can log all the places you've been.  It also might be very slow to load pag…
Using Windows 2008 RRAS, I was able to successfully VPN into the network, but I was having problems restricting my test user from accessing certain things on the network.  I used Google in order to try to find out how to stop people from accessing c…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question