Solved

Pass Client to Site IPSec VPN Tunnel Through Pix 6.3x

Posted on 2006-10-26
Last Modified: 2013-11-16
I am trying to allow a client to site VPN tunnel through a PIX Firewall (version 6.3x).  Can anyone shed any light?
Question by:jhartlov
LVL 79

Accepted Solution

by:
lrmoore earned 1500 total points
ID: 17814804
Depends. What client are they using?
Do you have your own VPN configuration for external users to VPN in, or have a site-site VPN tunnel?

2 things to try:
 isakmp nat-traversal 20  <== other end must be set up to allow clients to use nat-traversal
 fixup protocol esp-ike <== can't use this if you also have VPNs on your PIX

Else, give this client a 1-1 static nat if you have enough public IP addresses.
0
 
LVL 1

Author Comment

by:jhartlov
ID: 17814827
I am using this to terminate site to site tunnels as well as to terminate client to site tunnels.  Not looking good?
0
 
LVL 1

Author Comment

by:jhartlov
ID: 17814872
Would it be easier if I were to upgrade this box to PIX v7?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 17815186
7.0 does not provide any advantage in this regard.
What client software are they using? A 1-1 static nat will fix the issue.
0
 
LVL 1

Author Comment

by:jhartlov
ID: 17815983
isakmp nat-traversal on the other end did the trick!  Thanks!
0
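
The choice between the three options in the accepted answer depends on whether the PIX also terminates VPNs itself. The following is an added example, not code from the thread or from Cisco: a small Python check over a constructed PIX 6.3 config excerpt that reports which option applies to a given inside client. The function name `audit_passthrough`, the sample addresses and the crypto map name are assumptions, and the fixup is written in its PIX 6.3 form, `fixup protocol esp-ike`.

```python
import re

# Constructed PIX 6.3 configuration excerpt (sample input, not from the thread).
SAMPLE_CONFIG = """\
isakmp enable outside
crypto map vpnmap interface outside
fixup protocol esp-ike
static (inside,outside) 192.0.2.10 10.1.1.10 netmask 255.255.255.255 0 0
"""


def audit_passthrough(config, client_ip):
    """Pick a pass-through option for an inside VPN client (hypothetical helper)."""
    lines = [line.strip() for line in config.splitlines() if line.strip()]

    # The PIX terminates VPNs itself if ISAKMP or a crypto map is bound to an interface.
    terminates_vpn = any(
        re.match(r"(isakmp enable|crypto map \S+ interface) \S+$", line)
        for line in lines
    )
    has_fixup = "fixup protocol esp-ike" in lines

    # static (real_if,mapped_if) mapped_ip real_ip ...: match on the client's real IP.
    static_re = re.compile(
        r"static \(\S+,\S+\) \S+ " + re.escape(client_ip) + r"(\s|$)"
    )
    has_static = any(static_re.match(line) for line in lines)

    if has_static:
        choice = "static"        # client already has a 1-1 static NAT
    elif has_fixup and not terminates_vpn:
        choice = "fixup"         # fixup is usable: no VPNs end on this PIX
    else:
        choice = "nat-t-remote"  # other end must allow NAT traversal
    return {
        "terminates_vpn": terminates_vpn,
        "fixup_conflict": has_fixup and terminates_vpn,
        "has_static": has_static,
        "choice": choice,
    }


if __name__ == "__main__":
    for ip in ("10.1.1.10", "10.1.1.11"):
        print(ip, audit_passthrough(SAMPLE_CONFIG, ip))
```

For the asker's setup (site-to-site and client tunnels terminating on the same PIX, no static for the client) the result is `nat-t-remote`, which matches what resolved the thread.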

Question has a verified solution.