Re: VPN Client to PIX1 from home OK - VPN Client to PIX1 Fails from behind PIX2 firewall

Discussion in 'Cisco' started by D K, Dec 1, 2006.

  1. D K

    D K Guest

    i have the same problem with FWSM3.1
    protocol 50 answer packets are blocked.
    at pix you can try fixup protocol esp-ike

    but what to do at FWSM??

    d.k.

    "PJC" <> schrieb im Newsbeitrag
    news:...
    >
    > This is likely easy. I have a PIX (PIX 1) set up at a customer site to
    > accept a VPN client connection - no authentication except for local.
    >
    > From behind by Linksys Router at home, I can run the VPN client and
    > have no issue. I can ping, telnet and RDP to anything behind PIX 1.
    >
    > When I run the VPN client from work - behind a PIX 515 (call it PIX 2).
    > The VPN client connects and I get an IP address - but I cannot ping
    > or reach any IP address behind PIX 1 (at the customer site)
    >
    > Both firewalls have sysopt permit connection ipsec and nat-traversal 20
    > command issued on them.
    >
    > Any thoughts?
    >
    > PJC
    >
     
    D K, Dec 1, 2006
    #1

  2. D K

    Brian V Guest

    "D K" <> wrote in message
    news:...
    >i have the same problem with FWSM3.1
    > protocol 50 answer packets are blocked.
    > at pix you can try fixup protocol esp-ike
    >
    > but what to do at FWSM??
    >
    > d.k.
    >
    > "PJC" <> schrieb im Newsbeitrag
    > news:...
    >>
    >> This is likely easy. I have a PIX (PIX 1) set up at a customer site to
    >> accept a VPN client connection - no authentication except for local.
    >>
    >> From behind by Linksys Router at home, I can run the VPN client and
    >> have no issue. I can ping, telnet and RDP to anything behind PIX 1.
    >>
    >> When I run the VPN client from work - behind a PIX 515 (call it PIX 2).
    >> The VPN client connects and I get an IP address - but I cannot ping
    >> or reach any IP address behind PIX 1 (at the customer site)
    >>
    >> Both firewalls have sysopt permit connection ipsec and nat-traversal 20
    >> command issued on them.
    >>
    >> Any thoughts?
    >>
    >> PJC
    >>

    >
    >


    On the FWSM's you can do the inspects.
     
    Brian V, Dec 1, 2006
    #2

  3. D K

    PJC Guest

    My issue mysteriously resolved itself after a reboot of each device.

    But - pardon my ignorance - what is an FWSM ?

    Brian V wrote:
    > "D K" <> wrote in message
    > news:...
    > >i have the same problem with FWSM3.1
    > > protocol 50 answer packets are blocked.
    > > at pix you can try fixup protocol esp-ike
    > >
    > > but what to do at FWSM??
    > >
    > > d.k.
    > >
    > > "PJC" <> schrieb im Newsbeitrag
    > > news:...
    > >>
    > >> This is likely easy. I have a PIX (PIX 1) set up at a customer site to
    > >> accept a VPN client connection - no authentication except for local.
    > >>
    > >> From behind by Linksys Router at home, I can run the VPN client and
    > >> have no issue. I can ping, telnet and RDP to anything behind PIX 1.
    > >>
    > >> When I run the VPN client from work - behind a PIX 515 (call it PIX 2).
    > >> The VPN client connects and I get an IP address - but I cannot ping
    > >> or reach any IP address behind PIX 1 (at the customer site)
    > >>
    > >> Both firewalls have sysopt permit connection ipsec and nat-traversal 20
    > >> command issued on them.
    > >>
    > >> Any thoughts?
    > >>
    > >> PJC
    > >>

    > >
    > >

    >
    > On the FWSM's you can do the inspects.
     
    PJC, Dec 1, 2006
    #3
  4. D K

    Brian V Guest

    "PJC" <> wrote in message
    news:...
    >
    > My issue mysteriously resolved itself after a reboot of each device.
    >
    > But - pardon my ignorance - what is an FWSM ?
    >
    > Brian V wrote:
    >> "D K" <> wrote in message
    >> news:...
    >> >i have the same problem with FWSM3.1
    >> > protocol 50 answer packets are blocked.
    >> > at pix you can try fixup protocol esp-ike
    >> >
    >> > but what to do at FWSM??
    >> >
    >> > d.k.
    >> >
    >> > "PJC" <> schrieb im Newsbeitrag
    >> > news:...
    >> >>
    >> >> This is likely easy. I have a PIX (PIX 1) set up at a customer site to
    >> >> accept a VPN client connection - no authentication except for local.
    >> >>
    >> >> From behind by Linksys Router at home, I can run the VPN client and
    >> >> have no issue. I can ping, telnet and RDP to anything behind PIX 1.
    >> >>
    >> >> When I run the VPN client from work - behind a PIX 515 (call it PIX 2).
    >> >> The VPN client connects and I get an IP address - but I cannot ping
    >> >> or reach any IP address behind PIX 1 (at the customer site)
    >> >>
    >> >> Both firewalls have sysopt permit connection ipsec and nat-traversal 20
    >> >> command issued on them.
    >> >>
    >> >> Any thoughts?
    >> >>
    >> >> PJC
    >> >>
    >> >
    >> >

    >>
    >> On the FWSM's you can do the inspects.

    >


    Firewall Services Module, goes in the 6500's and 7600's.
     
    Brian V, Dec 1, 2006
    #4
  5. D K

    D K Guest

    "Brian V" <> schrieb im Newsbeitrag
    news:...
    >
    >
    > On the FWSM's you can do the inspects.

    Hello Brian,
    how?
    FWSM/9/act(config-pmap-c)# inspect ?
    mpf-policy-map-class mode commands/options:
    ctiqbe
    dns
    esmtp
    ftp
    gtp
    h323
    http
    icmp
    ils
    mgcp
    netbios
    pptp
    rsh
    rtsp
    sip
    skinny
    smtp
    snmp
    sqlnet
    sunrpc
    tftp
    xdmcp
    ???
     
    D K, Dec 4, 2006
    #5