Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

problem connecting to Cisco PIX (IPSEC) when behind Cisco ASA

Posted on 2007-11-28
3
Medium Priority
?
1,858 Views
Last Modified: 2012-05-05
Hello !

I have some wired problem, and I am sure it is Cisco ASA 5505.
The scenario is described below:

We have configured Cisco PIX 501 for our customer to accept VPN (IPSEC) connections using standard old Cisco VPN Client. So when the customers are sitting on Internet Cafe in the City or at home they can connect to VPN and access all their servers on corporate network.

BUT they have problems if they are siting somewhere where the Cisco ASA is used as firewall.
I had a conversation with these peoples where the ASA is used and they said NOTHING IS BLOCKED, so they told me they can`t understand why it is not possible to connect to VPN.

The symptoms of this problems are :

If these customers are sitting behind Cisco ASA, than they CAN connect to Cisco PIX no problems at all, BUT when they try to ping one of the internals ip addresses, than there is no response. Also when they try to open (log on to server via RDP) than THIS IS NOT POSSIBLE.

So I am 100 % that ASA is the problem (5505, 5520) etc...... This ASA is using 8.2 ASA version

I hope someone have solution for this problem or in all case suggestions which may help.
Still thinking maybe this is the very much alike the scenario when we need manually PERMIT PPTP connections trough the Cisco PIX.
0
Comment
Question by:Shex_
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 2000 total points
ID: 20368426
Does the PIX have this command?
 isamp nat-traversal 20

The ASA may have something like this:
 no crypto isakmp nat-traversal

If this configuration is in the ASA, then it neecs to be changed to allow nat-traversal
0
 

Author Comment

by:Shex_
ID: 20368900
Hi Irmoore, thank You very much for reply !!

No, the PIX does not have this command
isamp nat-traversal 20

Yes, the Cisco ASA have this command
no crypto isakmp nat-traversal

What You suggest ?

Add this command to the PIX :
isamp nat-traversal 20

And change config on the ASA to permit nat-traversal ?

Could You please explain me with just little explanation why this should be uset ? (NAT TRAVERSAL)

Thank You very much again !!

Best regards

0
 

Author Comment

by:Shex_
ID: 20370362
I added nat traversal command on the pix :

isamp nat-traversal 20

and it work now !!

Thank You very much again for helping me !!
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
As managed cloud service providers, we often get asked to intervene when cloud deployments go awry. Attracted by apparent ease-of-use, flexibility and low computing costs, companies quickly adopt leading public cloud platforms such as Amazon Web Ser…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question