Solved

Pass Client to Site IPSec VPN Tunnell Through Pix 6.3x

Posted on 2006-10-26
5
714 Views
Last Modified: 2013-11-16
I am trying to allow a client to site VPN tunnell through a PIX Firewall (version 6.3x).  Can anyone shed any light?
0
Comment
Question by:jhartlov
  • 3
  • 2
5 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 375 total points
ID: 17814804
Depends. What client are they using?
Do you have your own VPN configuration for external users to VPN in, or have a site-site VPN tunnel?

2 things to try:
 isakmp nat-traversal 20  <== other end must be setup to allow allow clients to use nat-traversal
 fixup protocol ike-esp <== can't use this if you also have VPN's on your PIX

Else, give this client a 1-1 static nat if you have enough public IP addresses.
0
 
LVL 1

Author Comment

by:jhartlov
ID: 17814827
I am using this to terminate site to site tunnels as well as to terminate client to site tunnels.  Not looking good?
0
 
LVL 1

Author Comment

by:jhartlov
ID: 17814872
Would it be easier if I were to upgrade this box to PIX v7?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 17815186
7.0 does not provide any advantage in this regard.
What client software are they using? A 1-1 static nat will fix the issue..
0
 
LVL 1

Author Comment

by:jhartlov
ID: 17815983
isakmp nat-traversal on the other end did the trick!  Thanks!
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco MRA Phones 4 68
Native Vlans, Tagged & untagged annnd Trunks 6 47
Cisco Any Connect Client 5 37
ASA - RV130 VPN tunnel, cannot pass traffic 8 52
This is about downgrading PIX Version 8.0(4) & ASDM 6.1(5) to PIX 7.2(4) and ASDM 5.2(4) but with only 64MB RAM and 16MB flash. Background: You have a Cisco Pix 515E which was running on PIX 7.2(4) and its supporting ASDM 5.2(4) without any i…
I recently updated from an old PIX platform to the new ASA platform.  While upgrading, I was tremendously confused about how the VPN and AnyConnect licensing works.  It turns out that the ASA has 3 different VPN licensing schemes. "site-to-site" …
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now