PIX 515 VPN Issues

[sohtnax]

I have a client who allows us to connect to his network via a VPN connection. He says he does not have a Cisco Concentrator, but instead is using his PIX 515 as the VPN. Unfortuantely, I am not familiar with this setup.

Currently, we cannot connect using a NAT IP address but can if we use a public IP. What changes does he need to make in order for us to be able to connect properly?

In addition to this, he does not have split tunneling enabled. How can he enable it on a PIX?

Thanks.

 

[chicocouk]

PIX has to be running pix version 6.3(1) or later, as this will support NAT-T, which is supported on the concentrators, but was only introduced on that release of the pix software. That's probably why you can't connected from a NAT-ed IP address.

http://www.cisco.com/en/US/products/sw/secursw/ps2120/prod_release_note09186a00801b3f5b.html#65230

I never allow split tunneling as we consider it to be too much of a security risk. However, the command to enable it is vpngroup split-tunnel, documented here

http://www.cisco.com/en/US/products...eference_chapter09186a00801727ae.html#1099471

Chico

 

[sohtnax]

Thanks!!!!!!!!!