Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

help with vpn client -> pix501 vpn

Status
Not open for further replies.
bubbles1611

bubbles1611

Programmer
Apr 17, 2002
7
AU
Hey,
i am trying to set up a vpn to my office.
in the office i have a d-link dsl router connection to the net, on the switch internal interface i have the outside int of the Pix 501 connected.
I want to setup a vpn connection through the pix501 so as i can connect to the office lan.
I have enabled port redirecting on the router to forward ports 500 , 50, 51 to the outside of the pix...
I can establish the vpn connection with ipsec over UDP.

However i can not connect to anything behind teh firewall. But if i try going from behind the firewall to the remote host, it all works perfectly, and from then on am able to acces some of the office network through the vpn from the remote host.

Nothing comes up in the firewall logs as being blocked! It says that there is the IKE tunnel established and the ipsec tunnel established...

I just can't get to anywhere inside the office lan, until somewhere inside the lan has contacted the remote host???

If you could help me out, would be greatly appreciated!
Have spent a lot of time on this and would like to sort it out....

Thanks

Tim
 
Sort by date Sort by votes
HI.

> I have enabled port redirecting on the router to forward ports 500 , 50, 51 to the outside of the pix

How exactly did you configure the router?
50 and 51 are not ports, they are IP protocols. They are not TCP nor UDP ports.

The pix supports PPPoE, so if you can eliminate the d-link DSL router and use only a combination of pix and ADSL modem, it can be much easier (That way the pix outside interface gets the public IP directly).
Is it applicable?



Yizhar Hurwitz
 
Upvote 0 Downvote
I am looking at setting up th adsl router in a bridge config, so as the pix gets the outside ip address...

thanks!

Just bizzarre, cause it connects, but from outside to inside i cant ping or anything, but then inside to outsied it works, then allowing outside to inside????
 
Upvote 0 Downvote
HI.

> Just bizzarre, cause it connects, but from outside to inside i cant ping or anything, but then inside to outsied it works, then allowing outside to inside????

A possible explanation is this:
The DLINK router has IPSEC pass-through feature.
This feature works for outbound connections.
So when you initiated traffic from LAN to VPN client, this triggers the pass-through feature and then allows bi-directional traffic over IP protocol 50 (ESP) and/or over UDP port 10000 (IPSEC over UDP encapsulation).



Yizhar Hurwitz
 
Upvote 0 Downvote
Thanks,
Yizhar, I think that is teh problem, just wondering is there any way to get round taht, so it establishes it the other way, from the outside in properly????
 
Upvote 0 Downvote
HI.

If you use only a single device for NAT and port filterring (like the pix) and not 2 such devices in a row, then you won't have these issues.

Since the pix supports PPPoE then you can use this configuration if applicable to you:

ISP
DSL Provider
Simple ADSL modem (1 connection to phone line, 1 Ethernet connection).
PIX with PPPoE dialer.
SWITCH
LAN hosts.

Bye


Yizhar Hurwitz
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
731
Sameer258
Sameer258
intel233
  • Locked
  • Question
Cisco ASA - VPN Question
Replies
6
Views
611
intel233
intel233
ISDPCMAN
  • Locked
  • Question
RDP fails over VPN
Replies
1
Views
216
gkittelson
gkittelson
Shmid
  • Locked
  • Question
Restricting Sonicwall SSL-VPN users for WAN access
Replies
7
Views
754
Shmid
Shmid
WhosYourDiffie
  • Locked
  • Question
Cisco ASA 5506 VPN for Avaya Phones
Replies
0
Views
165
WhosYourDiffie
WhosYourDiffie

Part and Inventory Search

Sponsor

Back
Top