Has anyone out there had any succes

Status
Not open for further replies.

apeasecpc

IS-IT--Management
Jul 29, 2002
403
US
Has anyone out there had any success setting up a PIX to Symantec site-to-site vpn?

I am working with a PIX 515 and a Symantec 200R, attempting to do 3des md5.

Dynamic pre-shared key completes phase 1 but fails to authenticate in phase 2.

I can get des md5 to work intermittently, but only sometimes if the connection is initiated from the 200R, and never when initiated from the PIX.

The 200R is very limited in configuration options, so I am trying to configure the more flexible PIX to conform to the Symantec's needs.

I can't get any tech support from Symantec unless I purchase an $800 support contract, which I am trying to avoid if I can.

As an added complication, I don't have direct access to the PIX, but have to do everything through a consultant.

What would be helpful is if someone who has a working connection could post the pertinent configuration settings between the two. Of course I am also open for any ideas or suggestions.

P.S. I can get a vpn to work using the Symantec client software from a W98 PC, so I don't think this is a hardware problem, at least not with the Symantec device.
 
Just saw this somewhere today:
Cisco's next major release will fix VPN issues with SEF7. PIX IOS in an ED release (pix622120.bin),
scheduled delivery of this release is March,

Possible source for additional info

HANDLE UNEXPECTED CISCO BUGS | Tom Lancaster

As fantastic as Cisco's IOS is, it's not completely bug-free. And unfortunately, these bugs often occur in the most complicated configurations like IPsec implementations. One particularly annoying issue that plagues several versions happens when IOS attempts to set up an encrypted tunnel, but the tunnel fails. At some point, the information in the router's memory doesn't get cleared when it should and this prevents the success of future attempts. This can drive technicians crazy, because the configuration was working in the past, and suddenly seems not to be working.

Read the entire tip here:
 
We had a problem connecting a Raptor 6.5 to a Cisco VPN3000 and if I remember right we upgraded to 6.5.2 (or was it 6.5.3) and also got a fix to the Cisco box.

And it has been running for 6 months now.
 
Presently I am using the Symantec client software and completely bypassing the Cisco.

I am now aware of several small VPN appliances that have trouble working with Cisco firewalls. The tech who was supporting the Cisco kept suggesting I should buy a Cisco myself in order to get it to work, but I had already paid for the Symantec and had a hunch that the problem was really on the Cisco end anyway. Now I am pretty sure of it.

I have to admit that Cisco is highly configurable, but all that configurability is of no value if it doesn't work using the same standards that everyone else uses.
 
Has anyone seen SMTP 503 errors when using Raptor version 6.5.3 in conjunction with mimesweeper?
 