Cisco PIX - VPN Client (using dial up) issue

Hello Experts,

I have an interesting problem here today. I'm at a client's location trying to get their VPN access going to their office.

Here's the story: I have a Cisco PIX configured for remote VPN client access. I have this working just fine at two other locations that are on broadband connections. They can connect and access the office resources just fine.

This third user is on a dial up modem. I can establish a connection from the VPN client to the PIX, but I cannot access resources on the office network. The VPN client is sending encrypted packets to the PIX, but all return packets are bypassed.

Any ideas on why the VPN client would not know these packets are from the encrypted tunnel, decrypt them, and life would be good?

Thanks in advance!


It sort of depends on the dialup user's ISP. If it is AOL, then they are SOL.
If they are on some other ISP that requires a proxy setting, they may also be SOL.
Does this dial up user get an IP address from the PIX that is in the same subnet as the VPN clients that come in over broadband?
jamie177 (Author) commented:
That's interesting. So it's the proxy settings that are causing the VPN traffic to get lost? I'm in the dark on how dial up ISPs do things. Some ISPs proxy all the traffic to the rest of the internet?

The dial up users get the same subnet as the broadband users.

Thanks for your help on this lrmoore, you've always been a big help when I've had PIX questions.

Any luck with this yet? I've been scratching my head and have not come up with a solution...

jamie177 (Author) commented:
Well my client changed dial up ISPs and the problem is gone.

I however am having the problem now.  I have the same problem when I try to connect from Verizon DSL and a Cable connection.

I can get connected, but the traffic is not being identified as encrypted so I have 0 packets Decrypted and everything is bypassed.

Any ideas on this one?

Do you have nat transparency enabled on the PIX?

  isakmp nat-traversal 20

Do you have the same IP subnet on your home LAN as behind the PIX? i.e. 192.168.1.x on both sides of the link? If yes, this is the primary problem.

What version client are you using? Is your PC XP/SP2? You may need to update your client software.

Did you use the SetMTU utility that comes with the client to set the MTU at 1300 from default 1500?
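
The checks listed in the answer above, written out as an added example that is not part of the original thread: a small script that looks for the `isakmp nat-traversal` line in a PIX config, tests whether the client LAN and the office LAN overlap, and compares the client MTU with the 1300 value mentioned for SetMTU. The config fragments, function names and network values are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample PIX config fragments (not taken from the thread).
CONFIG_WITHOUT_NATT = "isakmp enable outside\n"
CONFIG_WITH_NATT = CONFIG_WITHOUT_NATT + "isakmp nat-traversal 20\n"

SUGGESTED_MTU = 1300  # value the answer gives for the SetMTU utility


def natt_enabled(config_text):
    """True if the config contains an active 'isakmp nat-traversal' line."""
    pattern = re.compile(r"isakmp nat-traversal(\s+\d+)?")
    # A 'no isakmp nat-traversal' line does not match, because fullmatch
    # is anchored at the start of the stripped line.
    return any(pattern.fullmatch(line.strip()) for line in config_text.splitlines())


def subnets_overlap(client_lan, office_lan):
    """True if the client's LAN and the office LAN share any addresses."""
    a = ipaddress.ip_network(client_lan, strict=False)  # host bits allowed
    b = ipaddress.ip_network(office_lan, strict=False)
    return a.overlaps(b)


def diagnose(config_text, client_lan, office_lan, client_mtu):
    """Return a list of findings for the three checks in the answer."""
    findings = []
    if not natt_enabled(config_text):
        findings.append("NAT-T is off: add 'isakmp nat-traversal 20' on the PIX")
    if subnets_overlap(client_lan, office_lan):
        findings.append(f"{client_lan} and {office_lan} overlap across the link")
    if client_mtu > SUGGESTED_MTU:
        findings.append(f"client MTU {client_mtu} is above {SUGGESTED_MTU}")
    return findings


if __name__ == "__main__":
    # Constructed scenario: NAT-T missing, same subnet on both sides, default MTU.
    for finding in diagnose(CONFIG_WITHOUT_NATT, "192.168.1.0/24",
                            "192.168.1.0/24", 1500):
        print(finding)
```
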


jamie177 (Author) commented:
I think it was the isakmp nat-traversal 20.

I connected from a network that's behind a residential grade linksys.  I added the line to the config and I'll test behind my pix when I get back to the office.  I'll report my findings.

jamie177 (Author) commented:
That was it!

You're the man lrmoore!  Thanks yet again.


Glad to help!