We help IT Professionals succeed at work.

Can't connect to remote VPN using Netgear Prosafe client while behind Cisco Pix 501

mwagoner_73
mwagoner_73 asked
on
597 Views
Last Modified: 2011-04-14
In our office we have a Cisco Pix 501 firewall / vpn device sitting behind a Cisco 2800 series router.  One of our developers needs to connect to a client VPN using the NetGear Prosafe VPN Client software.  All settings for the vpn connection have been verified but we can't seem to conect.  In the log viewer the following error messages are returned:

- initiating IKE Phase 1 (IP ADDR: xxx.xxx.xxx.xxx)
- SENDING >>>>>>>>> ISAKMP OAK MM (SA, VID, 2x)
- Message not received Retransmitting!
- SENDING >>>>>>>>> ISAKMP OAK MM (Retransmission)

then it just repeats until it times out....

any suggestions or can you help point in the right direction???  Is it something on the Cisco PIX device or the 2800??



Comment
Watch Question

Top Expert 2008

Commented:
Is he trying to connect to the PIX with this client or is he trying to connect to a device outside your network from behind the PIX. Basic question restated is where is the client in refernce to your user.
Top Expert 2008

Commented:
If he is behind your pix by default the PIX blocks ISAKMP traffic from the internal interface.
I believe the command to enable it is "isakmp enable inside"

Commented:
Add this command to your config :
fixup protocol esp-ike
If that does not work, attach configs of both router and pix.
Top Expert 2008

Commented:
ck459 is tha man(or woman),  fixup protocol esp-ike is the right command.

Commented:
Still a man and not planning to change that ;-)

Author

Commented:
the client we are trying to connect is outside of the PIX on a different network.  I will try the above solutions you mentioned.  thanks!

Author

Commented:
riddle me this???  why would the netgear sw blow out the Cisco VPN client SW that was already installed on the machine, and is there anyway to have both pieces of client sw on the same system and live in harmony???

thanks again!
Top Expert 2008
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.