ESP problem with MS RRAS to Cisco 3000 VPN passing through PIX 515E Firewall.

Sean McGrath

I'm having a problem creating a MS RRAS server to a Cisco 3000 VPN
concentrator passing through a PIX 515E Firewall (6.1). The
configuration is as follows. The MS RRAS server has a configured IPSEC
policy creating a tunnel with the external interface of the PIX
firewall. The PIX firewall passes that traffic to one of its internal
interfaces connected to the VPN concentrator. There is a separate
internal interface connecting to the internal LAN for internet
connectivity. UDP 500 is static translated to the VPN concentrator.
UDP 10000 is also static translated to the VPN concentrator. I am able
to establish the tunnel but if I try to pass traffic through it I get
"Regular Translation Creation failed for IP protocol 50" on the PIX.
Obviously this results from the fact that I can't static IP protocol
50. If I try to connect with the Cisco client from the outside it
works because it is encapsulating ESP in UDP 10000. Is there a way to
make the RRAS server do this? If I can't get RRAS to work this way
it's not a big deal because I can use L2TP but I will have other VPN
concentrators connecting through the PIX from the outside. Will they
have the same problem or will they encapsulate ESP in UDP 10000?
Any suggestions or thoughts would be greatly appreciated.
