
PIX 501 outgoing VPN Hell

Status
Not open for further replies.

bluisana

IS-IT--Management
Mar 31, 2009
3
US
Cisco PIX VPN nightmare

I have a Cisco PIX 501 as the main firewall/router on my office network. The PIX is working as a NAT/PAT router for all internal addresses out to one external address. I have a VPN connection configured and working so that users can connect to the internal network from outside using the Cisco VPN client. I am also able to VPN out to several different external locations with the VPN client and a British Telecom client. I have one client that uses a Windows RAS server as their VPN connection over PPTP. I am able to connect this VPN but get disconnected after 3 minutes every time. They have 10 other users that can connect to this VPN tunnel with no problems and I am able to connect to the tunnel from any external network.

I have tried everything that I can possibly think of to fix this problem but nothing has worked. Does anyone have any ideas of what I can try next?

Any help or suggestions would be greatly appreciated.

 
Do you have the line fixup protocol pptp 1723 entered? Are you allowing GRE outbound? Post your full scrubbed config.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Hello unclerico,

Thanks for your reply. I have all GRE outbound and fixup 1723 set up in the config. I had two different CCNAs look at the router after I had been working on this for over a week. The answer apparently is to get a more updated router. I have an ASA 5505 coming in the mail right now. I will probably be posting my problems with it as soon as it gets here :).

 
You really should have posted your 501 config before spending the money on the 5505. Yes, a 5505 will be better in the long run, but if you were tight on cash we probably could have helped you get it working as is. Oh well, if you have problems with the 5505 config be sure to post it under the ASA forum. One last thing: just because someone flashes the CCNA credentials doesn't necessarily mean they know what they are doing. I have met and talked with numerous "CCNA" qualified individuals and they were absolutely clueless.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
A PIX is a firewall and not a router. Unless their CCNA was a CCNA Security, they have no clue of the basics of a PIX. If you are looking for assistance, you should have assistance from someone with a professional-level cert corresponding to your technology issue.

CCNP - Routing and Switching
CCSP - Security, i.e. PIX, ASA, IPS, NAC
CCVP - Voice

 
Thanks for all of the feedback. Time is money in my line of work and I couldn't deal with the VPN problems any longer. Hopefully I will be able to get the new router up and running without any problems (tomorrow), but I am sure something will come up with the complexity of the network here.
 