
VPN client thru pix, is this possible?

Status
Not open for further replies.

bigdog175

IS-IT--Management
Nov 7, 2000
41
US
I manage a few remote sites via VPN; everything works great from outside using the VPN client. What I'm trying to accomplish is being able to use the client to connect to a remote site while being behind a PIX. Scenario: Sites A, B and C are all secured by PIX. If I'm not at A, B or C I connect fine; when I'm at A, B or C I can't connect to either of the other 2 sites, but need to occasionally. Is this possible? What are my options? Any input is welcome. The remote sites are for different companies, so a PIX-to-PIX tunnel is not really an option, unless I can turn the link on/off. Thanks in advance.
 
How do I go about setting this up? Is it an issue of setting up PAT/NAT or making static mappings?
 
Yes, I am trying to VPN from my personal laptop to another network. When I am connected anywhere outside of any of the 3 networks everything is great, but when I'm behind any of the 3 PIX firewalls (all of which are 525s, 6.1(4)) I can't establish a link.
 
OK, on the PIX you need to open UDP port 500 and IP protocol 50. If the PIX is running 6.2.X or below, you also need a static translation for the IPSec peer behind the PIX. If you are running 6.3.X, you don't need a static translation, but you need to enable fixup protocol esp-ike.

Alternatively, you can enable NAT-Traversal (NAT-T) on the headend device, that is, the IPSec peer that the VPN client connects to.
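
The settings described in the reply above, written out as PIX commands; this is an added example and not part of the original thread. The addresses and the ACL name `acl_out` are constructed, and the NAT-T line assumes the headend is itself a PIX running 6.3.

```cisco
! Constructed example addresses (documentation ranges):
!   10.1.1.50     laptop running the VPN client, inside the local PIX
!   198.51.100.5  spare public address on the local PIX outside network
!   203.0.113.10  remote headend (IPSec peer of the VPN client)
!
! --- Local PIX running 6.2.x or earlier (includes 6.1(4)) ---
! One-to-one static for the client: ESP has no port numbers for PAT
! to key on, so inbound ESP needs a single inside host to map to.
static (inside,outside) 198.51.100.5 10.1.1.50 netmask 255.255.255.255 0 0
!
! Permit only the remote headend, only to that address, and only
! IKE (UDP 500) and ESP (IP protocol 50).
access-list acl_out permit udp host 203.0.113.10 host 198.51.100.5 eq isakmp
access-list acl_out permit esp host 203.0.113.10 host 198.51.100.5
!
! Only one ACL can be bound inbound per interface. If an ACL is already
! applied to outside, add the two entries to it instead of binding acl_out.
access-group acl_out in interface outside
!
! --- Local PIX running 6.3.x ---
! Used instead of the static above. It handles a single tunnel at a
! time, and ISAKMP cannot be enabled on any interface of this PIX
! while the fixup is on.
fixup protocol esp-ike
!
! --- Alternative: NAT-T on the headend (assumed here: PIX 6.3) ---
! IPSec is then encapsulated in UDP 4500, which passes through PAT.
isakmp nat-traversal
```

Scoping the permit entries to the single headend address keeps the static from exposing the laptop to any other outside host.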
 