mwagoner_73

Can't connect to remote VPN using Netgear Prosafe client while behind Cisco Pix 501

In our office we have a Cisco Pix 501 firewall / VPN device sitting behind a Cisco 2800 series router. One of our developers needs to connect to a client VPN using the NetGear Prosafe VPN Client software. All settings for the VPN connection have been verified but we can't seem to connect. In the log viewer the following error messages are returned:

- initiating IKE Phase 1 (IP ADDR: xxx.xxx.xxx.xxx)
- SENDING >>>>>>>>> ISAKMP OAK MM (SA, VID, 2x)
- Message not received Retransmitting!
- SENDING >>>>>>>>> ISAKMP OAK MM (Retransmission)

Then it just repeats until it times out....

Any suggestions or can you help point in the right direction???  Is it something on the Cisco PIX device or the 2800??



Hardware Firewalls, Cisco, VPN

Last Comment
bkepford

8/22/2022 - Mon
bkepford

Is he trying to connect to the PIX with this client, or is he trying to connect to a device outside your network from behind the PIX? Basic question restated is where is the client in reference to your user.
bkepford

If he is behind your PIX, by default the PIX blocks ISAKMP traffic from the internal interface.
I believe the command to enable it is "isakmp enable inside"
ck459

Add this command to your config:
fixup protocol esp-ike
If that does not work, attach configs of both router and pix.
bkepford

ck459 is tha man (or woman), fixup protocol esp-ike is the right command.
ck459

Still a man and not planning to change that ;-)
mwagoner_73

ASKER
The client we are trying to connect is outside of the PIX on a different network.  I will try the above solutions you mentioned.  Thanks!
mwagoner_73

ASKER
Riddle me this???  Why would the Netgear SW blow out the Cisco VPN client SW that was already installed on the machine, and is there any way to have both pieces of client SW on the same system and live in harmony???

Thanks again!