Okay I am lost, I have tried all things listed in this post, the fixup esp does not work and setting access-list to open up ports and other misc access-list still will not allow the VPN client to pass thru the pix properly. The only way it works is if I set a static xlate to the outside to the inside address, but then I lose all other connections on the pix. I am using 6.3.3, any tips on what is going on? Thanks in advance.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Nortel VPN Thru PIX 501 2
- Thread starter fluxeon
- Start date
-
2
- #2
Add these lines:
access-list contiv permit udp any any eq isakmp
access-list contiv permit ah any any
access-list contiv permit esp any any
access-group contiv in interface outside
fixup protocol esp-ike
That should do it. You will need version 6.3x for this to work.
-Joe
access-list contiv permit udp any any eq isakmp
access-list contiv permit ah any any
access-list contiv permit esp any any
access-group contiv in interface outside
fixup protocol esp-ike
That should do it. You will need version 6.3x for this to work.
-Joe
- Status
Similar threads
- Locked
- Question
- Locked
- Question