no traffic over vpn tunnel

[basilldonbond]

Hello,
we are trying to set vpn 3des encrypted links using cisco pix500 series firewalls and cisco 3000 series vpn server.

On one client site, there is a pix515 (os ver 6.2) connected to a cisco 801 isdn router (os ver 12.2).

The vpn tunnel is sucessfully established but no traffic can cross the tunnel. When we look on the VPN concentrator we can see that the customer has established a vpn tunnel.

We have lots of users who can connect to our vpn concentrator and have no problems viewing the internal web site therefore I think that the problem is at the remote site.

WE have used the remote users PIX config in our lab and do not have any problems. Our lab uses an ADSL web connection.

At one stage, the customer reported that when he issued a ping command, he got 50% reply rate, he fixed this.

I am wondering if the problem could be connected to load balancing issues related to the Cisco 801 isdn modem.

Does anyone have any ideas?
Anything at all..
Thanks

 

[ChicagoTechNet]

Have you created a one-to-one mapping on pix? upgrading pix to v6.3 may fix this issue or following this quotation from

http://www25.brinkster.com/ChicagoTech.

Can't connect to a VPN server on the outside of the PIX

.Symptom: When attempting to connect to a VPN server on the outside of the PIX it returns error 721, the computer failed to respond.

Resolution: In order to PPTP through a PIX, you must have a one-to-one mapping from the external IP to an internal IP for type 47 GRE packets and port 1723. For example, for pptp add this: conduit permit gre host x.x.x.x any AND conduit permit tcp host x.x.x.x eq 1723. For l2tp over ipsec: conduit permit esp host x.x.x.x any, conduit permit udp host x.x.x.x eq 1701 any AND conduit permit udp host x.x.x.x eq 500 any.


Robert Lin, MS-MVP, MCSE & CNE
Windows, Network and How to at

http://www25.brinkster.com/ChicagoTech