VPN Connection To Cisco PIX 515E Firewall 1

[shak89]

Previous Configuration:

-2 Computers connect to ISA server (Head Office) using MS VPN client through an NT server running Sygate at remote location

-Works perfectly

New Configuration:

-Installed PIX firewall instead of ISA server at head office

-Only one computer can cannot at a time now.

Why is this occuring and what can I do to make this work?
Ever since the PIX was installed at head office, only one PC can connect through VPN at a time. When the second computer initiates a VPN connection the first PC drops the connection. The remote site uses high-speed via cable modem and uses sygate for internet sharing.

help is appreciated

thanks

SA
shaq@rogers.com

 

[BuckWeet]

By definity on PPTP, it is not support by NAT, so most companies no go out of spec to give you that capability. PIX does not support this to my knowledge yet.. You might check to see if the newer revs of code support it though..


BuckWeet

 

[BuckWeet]

http://www.cisco.com/en/US/products...ation_example09186a0080094a5a.shtml#maintask1

Theres a doc explaining why "search for PAT"


BuckWeet

 

[BuckWeet]

Once more, I think I might have read your question wrong.. I was thinking you had 2 PC's going out through the PIX to the headend, but its 2 PC's coming in through the PIX at the headend to a MS VPN server..

http://www.cisco.com/en/US/tech/tk827/tk369/technologies_configuration_example09186a00800949c0.shtml

that explains how to set that up..


BuckWeet

 

[shak89]

At the remote site, we are connecting both users through the Cisco VPN client. Will there still be a problem going out though the NAT to the PIX??

 

[BuckWeet]

It shouldn't because the VPN client works totally different than the MS PPTP client does..

You should actually have the PIX be the VPN server..


BuckWeet

 

[shak89]

Actually I must not be explaining the issue clearly. We used MS clients to an MS VPN server previously. Now we are using PIX clients and a PIX firewall that accepts VPN connections. The only change here now is, at the remote site our 2 PC's go out through a sygate NAT which was working fine until we removed our MS VPN server at head office and installed a PIX firewall. Now at the remote site only one client can connect at a time. We are not using MS VPN clients any more. We installed the Cisco VPN clients in order to talk to the PIX. Everytime one of the users connects it drops the second user. Sounds like its something to do with the "Sygate" gateway at the remote site. However never had an issue with MS implementation.

Make any sense?

 

[BuckWeet]

Okay, now I understand.. It sounds like the PIX is dropping the connections because it sees 2 connections coming from a duplicate IP address..

There might be away around it by manipulation port #'s and stuff..

Also another thing to look at is to maybe get an smaller PIX 501 out there and do a VPN tunnel between the two.. Basically extending your LAN and puttinga remote subnet out there..


I'd have to search cisco.com for something like this..


BuckWeet

 

[shak89]

Now you understand!! What is the easiet way to get this to work. Dont think it is feasable to install a PIX 501 for 2 users. Do you think a smaller router such as a Linksys or Netgear will do the trick??