• Status: Solved

Connecting to a PIX 525 firewall using the Cisco VPN client behind a firewall

I have an issue with one of our clients connecting to our PIX 525 using the Cisco VPN client behind a firewall.
The client is able to establish the VPN session but no data can be passed between the client and the firewall.
The same client is able to successfully connect and pass data when they connect outside of the firewall.
I have 2 questions:

1. The client has suggested switching to TCP transport from UDP to resolve the issue. How do I configure a TCP session on the PIX 525?

2. Is there any other setting I should be looking at to allow connectivity behind the firewall?

1 Solution

To respond to question 1:

PIX OS versions below 7.0(1) don't support TCP encapsulation. You can upgrade to 7.0 but be aware there are some major changes in that release. Good preparations are a must.

Question 2:

You can try adding the following line to your config:

isakmp nat-traversal 30

Good luck!

What firewall are they using?

Have you asked if they have IP protocol number 50 (ESP) permitted outbound?

spmorrison (Author) commented:
The PIX OS upgrade to 7.0 did the trick. Thanks!
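
Added example, not part of the original thread: with NAT traversal enabled, IKE and tunnel data share UDP port 4500, so a capture on the client side can show whether encapsulated ESP is actually flowing after the session comes up. The sketch below classifies UDP 4500 payloads as laid out in RFC 3948; the function names, verdict strings and sample packets are constructed for illustration.

```python
import struct
from collections import Counter

NON_ESP_MARKER = b"\x00" * 4   # RFC 3948: precedes every IKE message on UDP 4500
IKE_HEADER_LEN = 28            # fixed ISAKMP header; its last 4 bytes = total length

def classify_natt_payload(payload: bytes) -> str:
    """Classify the UDP payload of one packet seen on port 4500."""
    if payload == b"\xff":
        return "keepalive"     # one-octet NAT keepalive (the 30 in
                               # `isakmp nat-traversal 30` is its interval, seconds)
    if len(payload) < 8:
        return "malformed"
    if payload[:4] == NON_ESP_MARKER:
        if len(payload) < 4 + IKE_HEADER_LEN:
            return "malformed"
        (ike_len,) = struct.unpack("!I", payload[28:32])
        return "ike" if ike_len == len(payload) - 4 else "malformed"
    return "esp"               # non-zero SPI, sequence number, then ciphertext

def diagnose(packets) -> str:
    """packets: iterable of (direction, payload); direction is 'out' or 'in'."""
    seen = Counter((d, classify_natt_payload(p)) for d, p in packets)
    if not seen:
        return "no-natt"       # nothing on UDP 4500: NAT-T is not in use
    esp_out, esp_in = seen[("out", "esp")], seen[("in", "esp")]
    if esp_out and esp_in:
        return "data-both-ways"
    if esp_out or esp_in:
        return "data-one-way"  # ESP-in-UDP leaves or arrives, but not both
    return "control-only"      # IKE and keepalives only, no tunnel data

def make_ike(body: bytes) -> bytes:
    """Constructed IKE message: marker + 28-byte header + body."""
    hdr = (b"\x11" * 8 + b"\x22" * 8 + bytes([5, 0x10, 5, 1])
           + struct.pack("!II", 0, IKE_HEADER_LEN + len(body)))
    return NON_ESP_MARKER + hdr + body

def make_esp(spi: int, seq: int) -> bytes:
    """Constructed ESP-in-UDP packet with dummy ciphertext."""
    return struct.pack("!II", spi, seq) + b"\xab" * 32

# Constructed sample capture: IKE completes, ESP only leaves the client.
SAMPLE = [("out", make_ike(b"\x00" * 40)), ("in", make_ike(b"\x00" * 40)),
          ("out", make_esp(0x1A2B3C4D, 1)), ("out", b"\xff"),
          ("out", make_esp(0x1A2B3C4D, 2))]

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

A "data-one-way" or "control-only" verdict matches the symptom in the question: the session establishes, but tunnel traffic does not pass in both directions.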
