Cannot establish UDP VPN connections from behind PIX 501

My setup is as follows:
  Linksys router connected to Cable modem
   port 80 forwards to my web server
  vpn passthrough enabled
  default route for web server goes through Linksys router


PIX 501 behind Linksys
  All computer clients connected to the PIX.
 
Using Cisco VPN client 4.6.0049

Problem:
  I can establish both UDP and TCP VPN connections from my web server through the Linksys
  I can establish TCP VPN connections from behind the PIX
  I CANNOT establish UDP VPN connections from behind the PIX.


Here is my config. Thanks in advance!

PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
hostname pixfirewall
domain-name ciscopix.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside dhcp setroute
ip address inside 192.168.2.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.2.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
isakmp nat-traversal 20
telnet 192.168.2.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
terminal width 80

pHOdAT Asked:
 
lrmoore Commented:
Do you have the PIX outside IP as the DMZ host?
What function is the Linksys providing beyond what the PIX itself can provide? I would say to take the Linksys completely out of the picture and try just putting the PIX on a public IP on the outside, forward port 80 to your web server and protect all clients this way.

>isakmp nat-traversal 20
That command already in your PIX is what enables use of UDP, so there is nothing wrong with your PIX config.
 
pHOdAT Author Commented:
OK, I have removed the Linksys totally and recabled my network to go out the PIX. I just shut down the web server for now just as a test. I am still having the same problem. I can VPN over TCP but cannot over UDP. Aaahhhh!
 
pHOdAT Author Commented:
I believe I have found the answer from another one of your posts. I had to add fixup protocol esp-ike to my config and she worked like a charm. I am going to try and cable my network the way it was before to see if it will work.
 
pHOdAT Author Commented:
After recabling my network using the Linksys as my internet gateway, all is still working. Looks like the fixup protocol command was the missing link. Thanks!
 
lrmoore Commented:
Good job!
Thanks!
Question has a verified solution.
