Cisco PIX - VPN Client (using dial up) issue

Hello Experts,

I have an interesting problem here today. I'm at a client's location trying to get their VPN access going to their office.

Here's the story: I have a Cisco PIX configured for remote VPN client access. I have this working just fine at two other locations that are on broadband connections. They can connect and access the office resources just fine.

This third user is on a dial up modem.  I can establish a connection from the VPN client to the PIX, but I cannot access resources on the office network.  The vpn client is sending encrypted packets to the PIX, but all return packets are bypassed.

Any ideas on why the VPN client would not know these packets are from the encrypted tunnel, decrypt them, and life would be good?

Thanks in advance!

Jamie177
 
lrmoore Commented:
Do you have nat transparency enabled on the PIX?

  isakmp nat-traversal 20

Do you have the same IP subnet on your home LAN as behind the PIX? i.e. 192.168.1.x on both sides of the link? If yes, this is the primary problem.

What version client are you using? Is your PC XP/SP2? You may need to update your client software.

Did you use the SetMTU utility that comes with the client to set the MTU at 1300 from default 1500?

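The two PIX-side checks from the answer above (NAT traversal enabled, and the same subnet on both sides of the link) can be run against a saved configuration. This is an added example, not part of the original thread: the sample config, its addresses and the function name `check_vpn_config` are constructed, and it assumes PIX 6.x syntax (`ip address inside <ip> <mask>`).

```python
import ipaddress
import re

# Constructed sample of a PIX 6.x configuration (not from the thread).
SAMPLE_CONFIG = """\
ip address outside 203.0.113.2 255.255.255.248
ip address inside 192.168.1.1 255.255.255.0
isakmp enable outside
isakmp nat-traversal 20
"""


def check_vpn_config(config_text, client_lan):
    """Return a list of findings for the two PIX-side checks in the answer.

    client_lan is the remote user's local subnet, e.g. "192.168.1.0/24".
    (Hypothetical helper written for this example.)
    """
    findings = []
    client_net = ipaddress.ip_network(client_lan, strict=False)

    # Check 1: NAT traversal. Without it, ESP from a client behind a
    # NAT/PAT device is not UDP-encapsulated and can be dropped on the
    # way back. A "no isakmp nat-traversal" line does not match (^ anchor).
    natt = re.search(r"^isakmp nat-traversal(?:\s+(\d+))?\s*$",
                     config_text, re.MULTILINE)
    if natt is None:
        findings.append("nat-traversal missing: add 'isakmp nat-traversal 20'")

    # Check 2: the same IP subnet on the client LAN and behind the PIX.
    for m in re.finditer(r"^ip address inside (\S+) (\S+)\s*$",
                         config_text, re.MULTILINE):
        inside = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}",
                                      strict=False)
        if inside.overlaps(client_net):
            findings.append(
                f"subnet overlap: inside {inside} vs client {client_net}")
    return findings


if __name__ == "__main__":
    for finding in check_vpn_config(SAMPLE_CONFIG, "192.168.1.0/24"):
        print(finding)
```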
 
lrmoore Commented:
It sort of depends on the dialup user's ISP. If it is AOL, then they are SOL.
If they are on some other ISP that requires a proxy setting, they may also be SOL.
Does this dial up user get an IP address from the PIX that is in the same subnet as the VPN clients that come in over broadband?
 
jamie177 (Author) Commented:
That's interesting. So it's the proxy settings that are causing the VPN traffic to get lost? I'm in the dark on how dial up ISPs do things. Some ISPs proxy all the traffic to the rest of the internet?

The dial up users get the same subnet as the broadband users.

Thanks for your help on this lrmoore, you've always been a big help when I've had PIX questions.

 
lrmoore Commented:
Any luck with this yet? I've been scratching my head and have not come up with a solution...
 
jamie177 (Author) Commented:
Well my client changed dial up ISPs and the problem is gone.

I however am having the problem now.  I have the same problem when I try to connect from Verizon DSL and a Cable connection.

I can get connected, but the traffic is not being identified as encrypted so I have 0 packets Decrypted and everything is bypassed.

Any ideas on this one?

 
jamie177 (Author) Commented:
I think it was the isakmp nat-traversal 20.

I connected from a network that's behind a residential grade Linksys. I added the line to the config and I'll test behind my PIX when I get back to the office. I'll report my findings.

Thanks!
 
jamie177 (Author) Commented:
That was it!

You're the man lrmoore!  Thanks yet again.

Regards,

Jamie177
 
lrmoore Commented:
Glad to help!