
Cisco PIX - VPN Client (using dial up) issue

jamie177 asked
Last Modified: 2013-11-16
Hello Experts,

I have an interesting problem here today. I'm at a client's location trying to get their VPN access going to their office.

Here's the story: I have a Cisco PIX configured for remote VPN client access. I have this working just fine at two other locations that are on broadband connections. They can connect and access the office resources just fine.

This third user is on a dial up modem. I can establish a connection from the VPN client to the PIX, but I cannot access resources on the office network. The VPN client is sending encrypted packets to the PIX, but all return packets are bypassed.

Any ideas on why the VPN client would not know these packets are from the encrypted tunnel, decrypt them, and life would be good?

Thanks in advance!

Jamie177

Les Moore, Sr. Systems Engineer
CERTIFIED EXPERT
Top Expert 2008

Commented:
It sort of depends on the dialup user's ISP. If it is AOL, then they are SOL.
If they are on some other ISP that requires a proxy setting, they may also be SOL.
Does this dial up user get an IP address from the PIX that is in the same subnet as the VPN clients that come in over broadband?

Author

Commented:
That's interesting. So it's the proxy settings that are causing the VPN traffic to get lost? I'm in the dark on how dial up ISPs do things. Some ISPs proxy all the traffic to the rest of the internet?

The dial up users get the same subnet as the broadband users.

Thanks for your help on this lrmoore, you've always been a big help when I've had PIX questions.

Les Moore, Sr. Systems Engineer

Commented:
Any luck with this yet? I've been scratching my head and have not come up with a solution...

Author

Commented:
Well my client changed dial up ISPs and the problem is gone.

I however am having the problem now.  I have the same problem when I try to connect from Verizon DSL and a Cable connection.

I can get connected, but the traffic is not being identified as encrypted so I have 0 packets Decrypted and everything is bypassed.

Any ideas on this one?

Les Moore, Sr. Systems Engineer
Commented:
Do you have nat transparency enabled on the PIX?

  isakmp nat-traversal 20

Do you have the same IP subnet on your home LAN as behind the PIX? i.e. 192.168.1.x on both sides of the link? If yes, this is the primary problem.

What version client are you using? Is your PC XP/SP2? You may need to update your client software.

Did you use the SetMTU utility that comes with the client to set the MTU at 1300 from default 1500?
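
Added example (not part of the original thread and not Cisco tooling): a small Python check for the first two questions in the answer above, run against a constructed PIX 6.x-style config fragment. The function names, the sample addresses and the pool name are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed PIX 6.x-style config fragment (sample data, not from the thread).
SAMPLE_CONFIG = """\
ip address outside 203.0.113.2 255.255.255.248
ip address inside 192.168.1.1 255.255.255.0
ip local pool vpnpool 10.10.10.1-10.10.10.50
isakmp enable outside
"""

def nat_traversal_enabled(config):
    """True if an 'isakmp nat-traversal [seconds]' line is present.

    Anchoring at the start of the line means 'no isakmp nat-traversal'
    does not count as enabled.
    """
    return re.search(r"^isakmp nat-traversal(?: \d+)?\s*$", config, re.M) is not None

def inside_network(config):
    """Return the network on the 'inside' interface, or None if absent."""
    m = re.search(r"^ip address inside (\S+) (\S+)\s*$", config, re.M)
    if not m:
        return None
    # strict=False: the config holds the interface address, not the network address.
    return ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)

def audit(config, client_lan):
    """Return a list of findings for a VPN client whose local LAN is client_lan (CIDR)."""
    findings = []
    if not nat_traversal_enabled(config):
        findings.append("nat-traversal: 'isakmp nat-traversal' is not configured")
    office = inside_network(config)
    lan = ipaddress.ip_network(client_lan, strict=False)
    if office is not None and office.overlaps(lan):
        findings.append(f"overlap: client LAN {lan} overlaps office network {office}")
    return findings

if __name__ == "__main__":
    # Client sits behind a home router that uses the same 192.168.1.x range.
    for finding in audit(SAMPLE_CONFIG, "192.168.1.0/24"):
        print(finding)
```
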


Author

Commented:
I think it was the isakmp nat-traversal 20.

I connected from a network that's behind a residential grade Linksys. I added the line to the config and I'll test behind my PIX when I get back to the office. I'll report my findings.

Thanks!

Author

Commented:
That was it!

You're the man lrmoore!  Thanks yet again.

Regards,

Jamie177

Les Moore, Sr. Systems Engineer

Commented:
Glad to help!