VPN through PIX 501 works but VNC breaks connection

Status
Not open for further replies.

teksam

MIS
Apr 20, 2005
3
US
We are accessing a remote location using a Cisco VPN client through our PIX 501 and can ping the accessed location and be pinged continuously without a problem. However, as soon as a user from the remote location tries to use VNC or NetOp through the tunnel, the connection gets dropped.
To confirm that it is not a problem on their side, I tried the VPN connection without the PIX and the remote user had no problem using either VNC or NetOp, which leads us to the conclusion that something on our side is breaking the connection. But what confuses me is the fact that the tunnel gets established successfully and pinging either way works fine.
We tried different Cisco VPN client versions, but that didn't help.
Has anybody experienced a similar issue?
If you have please let me know how you solved it.
Thanks in advance
 
I am not sure about NetOp, but I know that VNC needs port 5900 to be open. If it is not, might that be causing your problem? <<<just a thought.
 
Thanks hinesjrh for the reply, but I thought that once the tunnel is established all subsequent traffic will go through it no matter what ports are open/closed!!! Maybe I'm wrong but I'll try your suggestion.
 
as long as you have "sysopt connection permit-<vpntype>"

examples..

sysopt connection permit-ipsec
sysopt connection permit-pptp

If you have the sysopt statement for the type of vpn you run, then you won't need it.

Computer/Network Technician
CCNA
 
I think you already have "sysopt connection permit-ipsec", otherwise your ping would not be able to get through the VPN tunnel.

Let us know your "interesting" traffic that is triggering the VPN. If you specify only ICMP/PING in the access-list, you cannot run VNC or any other application.

I think there is nothing wrong with the VPN client version.

When you said "connection gets dropped", are you referring to the whole VPN connection or to your VNC connection?

A few commands to use for troubleshooting purposes:
on the client, use "telnet [target-ip] [vnc-port]"
on the PIX, use "show crypto ipsec sa" to see any encrypt/decrypt traffic

United, We Stand
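
The two checks suggested in the reply above (is the VNC flow "interesting" traffic, and are the encrypt/decrypt counters moving), as an added Python example that is not from any poster in this thread. The sample text is constructed and assumes the usual layout of "show crypto ipsec sa" output; the addresses and the function names parse_sas, covers and diagnose are hypothetical.

```python
import ipaddress
import re

# Constructed sample, laid out like "show crypto ipsec sa" output (assumed format).
SAMPLE = """\
   local  ident (addr/mask/prot/port): (10.1.1.0/255.255.255.0/1/0)
   remote ident (addr/mask/prot/port): (10.9.9.5/255.255.255.255/1/0)
    #pkts encaps: 42, #pkts encrypt: 42, #pkts digest 42
    #pkts decaps: 40, #pkts decrypt: 40, #pkts verify 40
   local  ident (addr/mask/prot/port): (10.1.2.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (10.9.9.5/255.255.255.255/0/0)
    #pkts encaps: 7, #pkts encrypt: 7, #pkts digest 7
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0
"""

IDENT = re.compile(r"(local|remote)\s+ident .*?: \(([\d.]+)/([\d.]+)/(\d+)/(\d+)\)")
COUNT = re.compile(r"#pkts (encrypt|decrypt): (\d+)")

def parse_sas(text):
    """Return one dict per SA: local/remote selectors plus packet counters."""
    sas = []
    for line in text.splitlines():
        m = IDENT.search(line)
        if m:
            side, addr, mask, prot, port = m.groups()
            if side == "local":          # a "local ident" line starts a new SA
                sas.append({"encrypt": 0, "decrypt": 0})
            if sas:
                sas[-1][side] = (ipaddress.ip_network(f"{addr}/{mask}"), int(prot), int(port))
        for name, value in COUNT.findall(line):
            if sas:
                sas[-1][name] = int(value)
    return sas

def covers(sa, local_ip, remote_ip, proto, port):
    (lnet, lproto, lport), (rnet, rproto, _) = sa["local"], sa["remote"]
    return (ipaddress.ip_address(local_ip) in lnet
            and ipaddress.ip_address(remote_ip) in rnet
            and lproto in (0, proto) and rproto in (0, proto)  # 0 = any protocol
            and lport in (0, port))  # assumption: the VNC server is on the local side

def diagnose(text, local_ip, remote_ip, proto=6, port=5900):
    """Classify a flow (default TCP/5900, VNC) against the parsed SAs."""
    for sa in parse_sas(text):
        if "remote" in sa and covers(sa, local_ip, remote_ip, proto, port):
            if sa["encrypt"] and not sa["decrypt"]:
                return "one-way"      # packets leave encrypted, nothing comes back
            return "covered"
    return "not-covered"              # flow is not interesting traffic for any SA
```

With the constructed sample, ICMP between 10.1.1.20 and 10.9.9.5 is covered while TCP/5900 between the same hosts is not, which is the "ping works but VNC does not" pattern the reply describes.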
 
The issue has been fixed. The remote location just bought a new CVPN 3000 concentrator and it works just fine now. It could have been that the old IOS wasn't totally compatible with the PIX... Go figure!

Thank you all for your help.
 