VPN Client to PIX 506E Behind Efficient 5851 Router Fails (reason 412)

Posted on 2006-06-03
Last Modified: 2013-11-16
Hello Experts,

I recently set up a 506E behind an Efficient Systems 5851 SDSL router.  The router is set to use public addresses (no NATting).  I am port forwarding 25 and 80 from the public interface to an internal mail server.  Is there a way to use another public IP (I have 4 free) rather than the interface IP?  I used the wizard to set up the VPN, which I've used before successfully, but I'm getting no response from the 506 when attempting to connect from the client.  Using group permissions.  The same laptop/client successfully connects to another 506E which is in production, so I know it's not the client or laptop.  Could the router be preventing IPSec/UDP from passing through?  Any concise way to confirm this, if so?  Monday I'll blow off the VPN setup and run the wizard again, but this process is usually pretty simple and has worked in the past for me.



Question by:sgh_aba
    LVL 32

    Accepted Solution

    Okay, there are 2 questions here;

    1. How to use additional IPs available, on the PIX. Simple;

    static (inside, outside) PublicIP-1 Internal-1 netmask
    static (inside, outside) PublicIP-2 Internal-2 netmask

    and so on. Make sure the access-lists allow the traffic inwards. If you can't get it to work, post the full configuration.

    2. VPN Problem.

    Make sure IPSEC traffic is allowed to flow through the router. By default it might be off.

    LVL 1

    Author Comment

    Thanks Rajesh.  Was able to get it running...
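The static-plus-access-list pattern from the accepted answer, written out as an added example (not part of the original thread or the poster's configuration). It assumes PIX 6.x syntax, a constructed spare public address 192.0.2.10, a constructed internal mail server 192.168.1.10, and a hypothetical ACL name `outside_in`; the lines starting with `:` are annotations.

```cisco
: One-to-one static: map a spare public IP to the internal mail server
: instead of port forwarding from the outside interface address.
: (192.0.2.10 and 192.168.1.10 are constructed sample addresses.)
static (inside,outside) 192.0.2.10 192.168.1.10 netmask 255.255.255.255

: A static alone exposes nothing; inbound traffic still has to be permitted.
: Permit only the two services the question mentions (SMTP and HTTP),
: and only to the mapped address, rather than "permit ip any any".
access-list outside_in permit tcp any host 192.0.2.10 eq smtp
access-list outside_in permit tcp any host 192.0.2.10 eq www

: Bind the ACL to the outside interface. Only one ACL can be bound inbound
: per interface, so if one is already applied there, add the two permit
: lines to that ACL instead of creating outside_in (hypothetical name).
access-group outside_in in interface outside

: Verify the translation and watch the ACL hit counters after a test connection.
show static
show access-list outside_in
```

Everything not matched by a permit line is dropped by the implicit deny at the end of the ACL, so the mail server is reachable on ports 25 and 80 only.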

