Re: VPN Client to PIX1 from home OK - VPN Client to PIX1 Fails from behind PIX2 firewall

 
 
D K
 
      12-01-2006
I have the same problem with FWSM3.1
protocol 50 answer packets are blocked.
At PIX you can try fixup protocol esp-ike

But what to do at FWSM??

d.k.

"PJC" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
>
> This is likely easy. I have a PIX (PIX 1) set up at a customer site to
> accept a VPN client connection - no authentication except for local.
>
> From behind my Linksys Router at home, I can run the VPN client and
> have no issue. I can ping, telnet and RDP to anything behind PIX 1.
>
> When I run the VPN client from work - behind a PIX 515 (call it PIX 2).
> The VPN client connects and I get an IP address - but I cannot ping
> or reach any IP address behind PIX 1 (at the customer site)
>
> Both firewalls have sysopt permit connection ipsec and nat-traversal 20
> command issued on them.
>
> Any thoughts?
>
> PJC
>



 
 
 
 
 
Brian V
 
      12-01-2006

"D K" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> I have the same problem with FWSM3.1
> protocol 50 answer packets are blocked.
> At PIX you can try fixup protocol esp-ike
>
> But what to do at FWSM??
>
> d.k.
>
> "PJC" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) oups.com...
>>
>> This is likely easy. I have a PIX (PIX 1) set up at a customer site to
>> accept a VPN client connection - no authentication except for local.
>>
>> From behind my Linksys Router at home, I can run the VPN client and
>> have no issue. I can ping, telnet and RDP to anything behind PIX 1.
>>
>> When I run the VPN client from work - behind a PIX 515 (call it PIX 2).
>> The VPN client connects and I get an IP address - but I cannot ping
>> or reach any IP address behind PIX 1 (at the customer site)
>>
>> Both firewalls have sysopt permit connection ipsec and nat-traversal 20
>> command issued on them.
>>
>> Any thoughts?
>>
>> PJC
>>

>
>


On the FWSM's you can do the inspects.


 
 
 
 
 
PJC
 
      12-01-2006

My issue mysteriously resolved itself after a reboot of each device.

But - pardon my ignorance - what is an FWSM ?

Brian V wrote:
> "D K" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > I have the same problem with FWSM3.1
> > protocol 50 answer packets are blocked.
> > At PIX you can try fixup protocol esp-ike
> >
> > But what to do at FWSM??
> >
> > d.k.
> >
> > "PJC" <(E-Mail Removed)> wrote in message
> > news:(E-Mail Removed) oups.com...
> >>
> >> This is likely easy. I have a PIX (PIX 1) set up at a customer site to
> >> accept a VPN client connection - no authentication except for local.
> >>
> >> From behind my Linksys Router at home, I can run the VPN client and
> >> have no issue. I can ping, telnet and RDP to anything behind PIX 1.
> >>
> >> When I run the VPN client from work - behind a PIX 515 (call it PIX 2).
> >> The VPN client connects and I get an IP address - but I cannot ping
> >> or reach any IP address behind PIX 1 (at the customer site)
> >>
> >> Both firewalls have sysopt permit connection ipsec and nat-traversal 20
> >> command issued on them.
> >>
> >> Any thoughts?
> >>
> >> PJC
> >>

> >
> >

>
> On the FWSM's you can do the inspects.


 
 
Brian V
 
      12-01-2006

"PJC" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
>
> My issue mysteriously resolved itself after a reboot of each device.
>
> But - pardon my ignorance - what is an FWSM ?
>
> Brian V wrote:
>> "D K" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>> > I have the same problem with FWSM3.1
>> > protocol 50 answer packets are blocked.
>> > At PIX you can try fixup protocol esp-ike
>> >
>> > But what to do at FWSM??
>> >
>> > d.k.
>> >
>> > "PJC" <(E-Mail Removed)> wrote in message
>> > news:(E-Mail Removed) oups.com...
>> >>
>> >> This is likely easy. I have a PIX (PIX 1) set up at a customer site to
>> >> accept a VPN client connection - no authentication except for local.
>> >>
>> >> From behind my Linksys Router at home, I can run the VPN client and
>> >> have no issue. I can ping, telnet and RDP to anything behind PIX 1.
>> >>
>> >> When I run the VPN client from work - behind a PIX 515 (call it PIX 2).
>> >> The VPN client connects and I get an IP address - but I cannot ping
>> >> or reach any IP address behind PIX 1 (at the customer site)
>> >>
>> >> Both firewalls have sysopt permit connection ipsec and nat-traversal
>> >> 20
>> >> command issued on them.
>> >>
>> >> Any thoughts?
>> >>
>> >> PJC
>> >>
>> >
>> >

>>
>> On the FWSM's you can do the inspects.

>


Firewall Services Module, goes in the 6500's and 7600's.


 
 
D K
 
      12-04-2006
"Brian V" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>
>
> On the FWSM's you can do the inspects.

Hello Brian,
how?
FWSM/9/act(config-pmap-c)# inspect ?
mpf-policy-map-class mode commands/options:
ctiqbe
dns
esmtp
ftp
gtp
h323
http
icmp
ils
mgcp
netbios
pptp
rsh
rtsp
sip
skinny
smtp
snmp
sqlnet
sunrpc
tftp
xdmcp
???


 