Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 535
  • Last Modified:

remote peer not responding

Hello,

I have configured a pix 515r for vpn connections. When I try to establish a connection the vpn client 3.x calls error – that remote peer is not responding. We are connected is the ISP with a leased line and a cisco 2501. The 2501 is not nat’ing; the outside interface of the pix has been assigned a registered ip.

I enabled the debug for ipsec, isakmp and engine. The pix is receiving the connection but it’s almost as if there is no route back. I have a single route on the 2501 that routes all traffic to the interface connected to the internet, ip route 0.0.0.0 0.0.0.0 serial1. the pix has a route that routes all traffic to the Ethernet interface on the 2501.

Do I need any other routes with regard to the ip pool? However if I connect my notebook directly to the outside interface of the pix with an ip address on the same range, I can establish a connection…

When trying a connection from a remote site, the sites in question are performing NAT, could this be the problem?

Thanks,
Richard
0
savannahmicro
Asked:
savannahmicro
  • 5
  • 2
  • 2
2 Solutions
 
ewtaylorCommented:
The NAT could be the problem. I know with some of the earlier versions of the client it was a problem. Can you try from a non-natted ip address? If you are not already upgrade to version 3.4 and use the tcp encapsulation This will help with NAT/PAT traversiing
0
 
lrmooreCommented:
>the sites in question are performing NAT, could this be the problem?

Yes. Their end must have a router that enables IPSEC Passthrough.
Agree with ewtaylor. Upgrading the client would help. Using Cisco VPN Client 4.0.x I have no problems
0
 
savannahmicroAuthor Commented:
Hi, thanks for the replies,
what i did was as follows:-

- upgaded the pix to 6.3(3) from 6.2 - 633 supports nat-traversal
- used the new client 4.x
- also found article on cisco site relatiing to this problem "Troubleshooting the PIX to pass Data Traffic on an Established IPSec Tunnel" - this was a valuble article.
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a008009448c.shtml

Thanks for your contributions.
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
ewtaylorCommented:
So all is working now?
0
 
ewtaylorCommented:
Nice to see you back lrmoore I missed ya
0
 
lrmooreCommented:
Been busy lately, thought I'd pop in once in a while..
<8-}
0
 
savannahmicroAuthor Commented:
Yip it's all working now.
Thank you.
0
 
ewtaylorCommented:
No problem, glad to be of help
0
 
ewtaylorCommented:
Make sure you close out the question, if you have any questions on how to do that let me know.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

  • 5
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now