PIX 506e unable to establish a VPN connection HELP!

Status
Not open for further replies.

PollekeICT

Technical User
Mar 17, 2005
7
NL
PIX 506e.

Unable to VPN, error is 106023 deny udp src xxxx dest /500

It seems like all packets are going through the PIX to the internal interface. The VPN must be established to the PIX.

Does anyone have an idea? I really appreciate any reaction.

Thanks, Paul
 
Hi guy,

I think, like everybody here, that more precision would make it easier to help you.

Anyway, from where to what do you want to establish a VPN? If the goal is to do it with the same hardware, like PIX to PIX, you should check that your provider does not filter anything on your line.
Also take care to activate isakmp outside (I think it's outside).

Did you check your settings against a sample from the Cisco web site?

Come back and tell us more.

fred
 
Hi Fred,

Thanks for your reply.

Ran both wizards for enabling Site-to-Site VPN with another 506e, and Cisco VPN Client.
This other 506e is accepting VPN client.
ISP is not filtering because packets do arrive at the PIX, and yes isakmp outside is enabled.

I remember PDM popped up a warning stating something like, "When you do this the unit isn't accessible from the outside". Also, when I enable telnet for a specific IP (my IP), the packets go straight to the inside network.

I compared 4 successful installations of a PIX 506e with this one, and can't find the responsible config line.

I posted an earlier thread that contains the running config.

Thanks in advance,

Paul
 
Go ahead and post both configs for us.

Remember to post responsibly and remove any potential security related stuff.

Also, the PDM (as you will come to know) is not well thought of by most as it doesn't work as well as it should.


Computer/Network Technician
CCNA
 
Thanks Lloyd for your reaction.

I tried reloading the system with telnet and that solved it.
 
Yes, UDP/500 is part of the crypto process, but if you are passing through a PIX from something like a client, then you need UDP/500 protocol 50 & 51 AH & ESP opened to pass the client through. If you are just trying to bring an L2L crypto tunnel up, that's different. What version are you running, 6.3.4? Is this a dynamic setup or IP to IP? All of this matters; fill me in and I can help you further.
Thanks
Mike
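
Added example, not part of any post in this thread: a small Python triage script that scans PIX syslog output for 106023 denies and reports only the ones that hit IPsec traffic (IKE on UDP/500, ESP as IP protocol 50, AH as IP protocol 51), grouped by source, destination and access-group. The log lines are constructed samples using documentation addresses, and the message layout and the access-group name `outside_in` are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines (documentation addresses, hypothetical ACL name);
# the 106023 layout used here is an assumption, not copied from the thread.
SAMPLE_LOG = """\
%PIX-4-106023: Deny udp src outside:198.51.100.7/500 dst inside:192.0.2.10/500 by access-group "outside_in"
%PIX-4-106023: Deny protocol 50 src outside:198.51.100.7 dst inside:192.0.2.10 by access-group "outside_in"
%PIX-4-106023: Deny tcp src outside:203.0.113.9/4431 dst inside:192.0.2.10/23 by access-group "outside_in"
%PIX-4-106023: Deny protocol 51 src outside:198.51.100.7 dst inside:192.0.2.10 by access-group "outside_in"
%PIX-6-302013: Built outbound TCP connection 12 for outside:203.0.113.9/80 (203.0.113.9/80) to inside:192.0.2.20/1025 (192.0.2.20/1025)
"""

# Ports are optional because ESP/AH denies carry no port numbers.
DENY_RE = re.compile(
    r'106023: Deny (?P<proto>protocol \d+|\w+) '
    r'src (?P<src_if>[^:\s]+):(?P<src>[\d.]+)(?:/(?P<sport>\d+))? '
    r'dst (?P<dst_if>[^:\s]+):(?P<dst>[\d.]+)(?:/(?P<dport>\d+))? '
    r'.*?by access-group "(?P<acl>[^"]+)"'
)

def classify(proto, dport):
    """Return an IPsec label for a denied flow, or None if it is unrelated."""
    p = proto.lower()
    if p == "udp" and dport == "500":
        return "IKE (UDP/500)"
    if p in ("esp", "protocol 50"):
        return "ESP (protocol 50)"
    if p in ("ah", "protocol 51"):
        return "AH (protocol 51)"
    return None

def ipsec_denies(log_text):
    """Count IPsec-related 106023 denies keyed by (kind, src, dst, acl)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if not m:
            continue  # not a 106023 deny, or a layout this parser does not know
        kind = classify(m["proto"], m["dport"])
        if kind:
            hits[(kind, m["src"], m["dst"], m["acl"])] += 1
    return hits

if __name__ == "__main__":
    for (kind, src, dst, acl), n in sorted(ipsec_denies(SAMPLE_LOG).items()):
        print(f"{n}x {kind}: {src} -> {dst} denied by access-group {acl}")
```

A deny whose destination is an inside host rather than the firewall's own outside address indicates the packet was evaluated as through-traffic against the interface ACL.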
 