Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 531
  • Last Modified:

remote peer not responding

Hello,

I have configured a pix 515r for vpn connections. When I try to establish a connection the vpn client 3.x calls error – that remote peer is not responding. We are connected is the ISP with a leased line and a cisco 2501. The 2501 is not nat’ing; the outside interface of the pix has been assigned a registered ip.

I enabled the debug for ipsec, isakmp and engine. The pix is receiving the connection but it’s almost as if there is no route back. I have a single route on the 2501 that routes all traffic to the interface connected to the internet, ip route 0.0.0.0 0.0.0.0 serial1. the pix has a route that routes all traffic to the Ethernet interface on the 2501.

Do I need any other routes with regard to the ip pool? However if I connect my notebook directly to the outside interface of the pix with an ip address on the same range, I can establish a connection…

When trying a connection from a remote site, the sites in question are performing NAT, could this be the problem?

Thanks,
Richard
0
savannahmicro
Asked:
savannahmicro
  • 5
  • 2
  • 2
2 Solutions
 
ewtaylorCommented:
The NAT could be the problem. I know with some of the earlier versions of the client it was a problem. Can you try from a non-natted ip address? If you are not already upgrade to version 3.4 and use the tcp encapsulation This will help with NAT/PAT traversiing
0
 
lrmooreCommented:
>the sites in question are performing NAT, could this be the problem?

Yes. Their end must have a router that enables IPSEC Passthrough.
Agree with ewtaylor. Upgrading the client would help. Using Cisco VPN Client 4.0.x I have no problems
0
 
savannahmicroAuthor Commented:
Hi, thanks for the replies,
what i did was as follows:-

- upgaded the pix to 6.3(3) from 6.2 - 633 supports nat-traversal
- used the new client 4.x
- also found article on cisco site relatiing to this problem "Troubleshooting the PIX to pass Data Traffic on an Established IPSec Tunnel" - this was a valuble article.
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a008009448c.shtml

Thanks for your contributions.
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
ewtaylorCommented:
So all is working now?
0
 
ewtaylorCommented:
Nice to see you back lrmoore I missed ya
0
 
lrmooreCommented:
Been busy lately, thought I'd pop in once in a while..
<8-}
0
 
savannahmicroAuthor Commented:
Yip it's all working now.
Thank you.
0
 
ewtaylorCommented:
No problem, glad to be of help
0
 
ewtaylorCommented:
Make sure you close out the question, if you have any questions on how to do that let me know.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 5
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now