Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

VPN client with "transparent tunneling enabled"

Status
Not open for further replies.

EdenXia

MIS
Jul 24, 2002
23
CN
Dear All,
I encountered an problem,the environment as follwing.

1.PIX 515 6.3(1)
2.Client: VPN client4.01
3.We can use vpn to connect with pix in some places.
4.The problem is I can use it at the following environment.
1)PIX<--Internet<--DSL 300<--Netgear RP114(PPPOE configured in it)<--VPN Client 4(With &quot;transparent tunneling enabled&quot;)

We can connect VPN however it bypassed every packet sended to headerquater network.(using UDP 4500)


2)PIX<--Internet<--DSL 300<--Netgear RP114(PPPOE configured in it)<--VPN Client 4(With &quot;transparent tunneling disabled&quot;)
We can connect VPN and I can contact with headerquater network.

How can I resolve it?

Best Regards
 
Could be an mtu problem, try using the utility that comes with the cisco vpn client &quot;Set MTU&quot;, set it to 1300, that is a common problem in some DSL/Cable environments.

Jan
 
HI Eden,
How u doin...did you try the following command on the cisco pix.
isakmp nat-traversal ?
This command should solve the problem that you might be facing.
Pix doesn't support ipsec over tcp.Only the concentrator by cisco does.Routers and pix doesn't support ipsec over tcp.
Do let me know if that solves the issue.

Blackbug
 
Hi Jan,


Thanks for your help.
Maybe you are right. I will let our users to try it.

Hi Blackbug,


We have use isakmp &quot;nat-traversal 120&quot;
We configure vpn with &quot;transparent tunneling enable&quot; and it will use UDP 4500 in normal environment. However we encounter this problem in a local LAN office in which users user an ADSL router to access Internet.
We configure PPPOE in the router (Netgear RP 114) but not in ADSL Modem.
 
HI.

2)PIX<--Internet<--DSL 300<--Netgear RP114(PPPOE configured in it)<--VPN Client 4(With &quot;transparent tunneling disabled&quot;)
> We can connect VPN and I can contact with headerquater network.
If it works that way, then isn't it a solution?
Configure the client with 2 profiles, and let the user use different profile when needed.

> Could be an mtu problem...
I agree - please let us know what have you found.




Yizhar Hurwitz
 
HI Yizhar Hurwitz,


Thanks for your help.

Because we need 10 users to connect to our PIX device.
So I have enable Transparent tunneling.


As for MTU I am let users to do the test.

Any process I will notice.

Thanks .

Eden Xia
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top