Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Can't run Mobile VPN client from behind a firewall

Status
Not open for further replies.
BigFinn

BigFinn

MIS
Aug 28, 2003
64
0
0
GB
I need to connect to our PIX at work via VPN client. This works fine when my PC is connected directly to the Internet (cable modem), but refuses to work when my PIX at home is set up in between the client PC and the cable modem.

When VPNing 'through' the PIX, the VPN client comes up, the padlock closes and DPD keepalives travel back and forth up the tunnel (I can see them in the logs). It appears to be working correctly.

I can also see the change in my client PC when the VPN client starts up (I get an IP address for the CISCO VPN adapter, the VPN group WINS server IP address is configured) but I cannot send any traffic to the LAN at work. I can't ping anything, not even the WINS server I can see dynamically configured in the IP properties on the client PC.

Has anyone had similar experience?

Kind Regards

BF
 
Sort by date Sort by votes
You probably do need NAT traversal. Another problem could be that you are using the same IP address range at work and at home, that will cause problems also.

Look in status-statistics-route details on your VPN client, are the remote LANs there?

 
Upvote 0 Downvote
Actually, the stats route details always shows 0.0.0.0 when im connected.

Its the sho isakmp or sho crypto sa PIX commands that help diagnose the tunnels.

(Get connected to the PIX via SSH first)



 
Upvote 0 Downvote
I had similar problem
isakmp nat-traversal 20 on the PIX did solve problem,
and you need to open udp/4500 port on the gateway to Internet.

Hope it would help.
 
Upvote 0 Downvote
Hi NickDJ, others,

thanks for the answers.

Does that udp/4500 port need to be opened on the PIX at the corporate LAN where I'm trying to connect to, or on my PIX standing in the way?

BF
 
Upvote 0 Downvote
sysopt connection permit-isakmp" does it for the pix
other routers in front may need an ACL
or a simple "IPSec passthrough" selection for you

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
148
Sameer258
Sameer258
intel233
  • Locked
  • Question
Cisco ASA - VPN Question
Replies
6
Views
152
intel233
intel233
Russtoleum
  • Locked
  • Question
Windows client can't connect to sonicwall l2tp server
Replies
0
Views
49
Russtoleum
Russtoleum
Shmid
  • Locked
  • Question
Restricting Sonicwall SSL-VPN users for WAN access
Replies
7
Views
177
Shmid
Shmid
WhosYourDiffie
  • Locked
  • Question
Cisco ASA 5506 VPN for Avaya Phones
Replies
0
Views
53
WhosYourDiffie
WhosYourDiffie

Part and Inventory Search

Sponsor

Back
Top