Cisco VPN client not passing data through PIX 501

Discussion in 'Cisco' started by Fred@anonymous.org, Aug 29, 2006.

  1. Guest

    I have a pc with Cisco client installed that terminates on a PIX 501.
    when the local lan has a PIX outgoing the VPN comes up but no traffic will
    pass.
    When the local lan has a Linksys or Dlink firewall/router everything works
    fine
    I tried changing MTU, went to 576 no change, I added ipsec nat transparency
    on the local (originating side) no change.. outgoing PIX is wide open, no
    access lists etc..

    any ideas?

    ----== Posted via Newsfeeds.Com - Unlimited-Unrestricted-Secure Usenet News==----
    http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
    ----= East and West-Coast Server Farms - Total Privacy via Encryption =----
    , Aug 29, 2006
    #1
    1. Advertising

  2. Hi Fred,

    You may be experiencing a "10 concurrent user" issue with your PIX 501
    license.

    Cisco PIX Security Appliance Licensing

    http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet09186a00800b0d85.html

    Hope this helps.

    Brad Reese
    Cisco IOS Software - Compatible Partner Matrix by Technology
    http://www.BradReese.Com
    1293 Hendersonville Road, Suite 17
    Asheville, North Carolina USA 28803
    USA & Canada: 877-549-2680
    International: 828-277-7272
    Fax: 775-254-3558
    AIM: R2MGrant
    BradReese.Com - Global Cisco Systems Pre-Sales Support
    http://www.bradreese.com/contact-us.htm#CISCO
    www.BradReese.Com, Aug 29, 2006
    #2
    1. Advertising

  3. In article <>,
    <> wrote:
    >I have a pc with Cisco client installed that terminates on a PIX 501.
    >when the local lan has a PIX outgoing the VPN comes up but no traffic will
    >pass.
    >When the local lan has a Linksys or Dlink firewall/router everything works
    >fine
    >I tried changing MTU, went to 576 no change, I added ipsec nat transparency
    >on the local (originating side) no change.. outgoing PIX is wide open, no
    >access lists etc..


    Could you clarify whether one PIX is involved or two?

    And if the outgoing PIX has no access lists, then it will prohibit
    some kinds of return traffic, because some kinds of return traffic
    look like "new" traffic.
    Walter Roberson, Aug 29, 2006
    #3
  4. Guest

    The 10 license count doesnt come in to play, there is only 2 other devices
    on it.

    I dont think it is an inbound problem on the pix, as everything else works
    normal..


    setup is follows:


    client ====> pix a >=== internet =====>pix b (client establishes here)

    vpn establishes but no traffic passed


    client ====> netgear etc >=====internet ====== >pix b (client establishes
    here)

    vpn works normally

    ----== Posted via Newsfeeds.Com - Unlimited-Unrestricted-Secure Usenet News==----
    http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
    ----= East and West-Coast Server Farms - Total Privacy via Encryption =----
    , Aug 29, 2006
    #4
  5. sojjan

    Joined:
    Sep 21, 2006
    Messages:
    2
    i've got the same problem. please help someone ;)
    sojjan, Sep 21, 2006
    #5
  6. swapnendu

    Joined:
    Sep 13, 2006
    Messages:
    57
    turn on FIXUP (v6.XX) / INSPECTION (v7.XX) on "pix a".. it cud be fixup PPTP if u r using PPTP based tunnel or do a fixup of L2TP traffic if L2TP is used ....also even a static
    NAT on the PIX for the VPN client with a global public address will do the job for u...the issue is return traffic is not able to get in due to dynamic NAT....

    le me knw if my solution solves ur issue...
    swapnendu, Sep 23, 2006
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Andrew J Instone-Cowie

    Cisco VPN through a PIX 501 to another PIX?

    Andrew J Instone-Cowie, Jan 20, 2004, in forum: Cisco
    Replies:
    5
    Views:
    4,134
    Andrew J Instone-Cowie
    Jan 22, 2004
  2. Heywood

    VPN client through PIX 501?

    Heywood, Nov 3, 2004, in forum: Cisco
    Replies:
    4
    Views:
    6,452
  3. Nick
    Replies:
    2
    Views:
    2,401
  4. James B. Wood
    Replies:
    7
    Views:
    8,491
    keshav
    Jun 25, 2006
  5. InetSecurity
    Replies:
    0
    Views:
    1,345
    InetSecurity
    Jun 23, 2006
Loading...

Share This Page