• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 369
  • Last Modified:

Cisco PIX VPN not passing traffic

I have a client VPN setup in a PIX firewall. The VPN connects fine, but it will not pass traffic to the inside network. The config is exactly like the config on Cisco's site, but it will not pass traffic. I am using PIX 6.3(3) and the VPN client is 4.2


1 Solution
can you ping the inside from the pix ??
smathenaAuthor Commented:
Yes, the connectivity from the PIX to the inside is fine. The PIX is passing traffic fine. Once I connect with the VPN, I can't ping to the inside interface or beyond from the client
Do your clients get an IP address in a range that is different from your inside LAN?
You'll never be able to ping the inside interface from the VPN...
Is the PIX's inside interface the default gateway for any other systems that you are trying to access?

Managed Security Services Webinar - March 15

Selecting the right managed security services platform to grow your business can be a huge undertaking. Join WatchGuard and Frost & Sullivan in an upcoming webinar as we dive into the key elements of selecting a vendor platform and partnership to fuel a successful MSSP business.

I'm assuming that your client machine is running Windows.  Check on the client machine that you're not sharing any internet connections.  If internet connection sharing is enabled, then the client will connect, but not pass any traffic.

MAke sure you peers are set correctly. if you have a edge router and a firewalll behind the edge router sometimes you will need to use the outside interface of the pix not the edge router as that is where your crypto statments are set.
smathenaAuthor Commented:
I actually have solved this problem on my own, but I am not sure how to close out the question with zero points.  THe solution was to enable NAT Traversal and split-tunneling.
Just give the points to those that were helping. Their ideas may have been all you needed to resolve the issue.  
No comment has been added to this question in more than 21 days, so it is now classified as abandoned..
I will leave the following recommendation for this question in the Cleanup topic area:
PAQ - Refund points

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

EE Cleanup Volunteer
PAQed with points refunded (170)

EE Admin
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Simple Misconfiguration =Network Vulnerability

In this technical webinar, AlgoSec will present several examples of common misconfigurations; including a basic device change, business application connectivity changes, and data center migrations. Learn best practices to protect your business from attack.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now