Cannot access remote VPN via PIX

Discussion in 'Cisco' started by info_removethis_, Apr 7, 2005.

  1. We get the following log entries:

    305011: Built dynamic TCP translation from inside:10.0.0.72 to outside:
    10.0.1.253/7382
    302013: Built outbound TCP connection 8904 for
    outside:123.456.789.238/1723 (123.456.789.238/1723) to
    inside:10.0.0.72/2995 (10.0.1.253/7382)
    305011Built dynamic GRE translation from inside:10.0.0.72/1723 to
    outside:10.0.1.253/11
    305011: Built dynamic GRE translation from inside:10.0.0.72/49152 to
    outside:10.0.1.253/12
    302017: Built inbound GRE connection 8905 from outside:123.456.789.238
    (123.456.789.238) to inside:10.0.0.72/49152 (10.0.1.253/12)
    302017: Built inbound GRE connection 8905 from
    inside:10.0.0.72(10.0.1.253) to outside:123.456.789.238/1723
    (123.456.789.238/1723)
    302014: Teardown TCP connection 8904 fro outside:123.456.789.238/1723
    to inside:10.0.0.72/2995 duration 0:00:30 bytes 536 TCP FINS
    302018: Teardown GRE connection 8905 from outside:123.456.789.238 to
    inside:10.0.0.72/49152 duration 0:00:30 bytes 450
    302018: Teardown GRE connection 8906 from inside:10.0.0.72 to
    outside:123.456.789.238/62392 duration 0:00:30 bytes 0
    305012: Teardown dynamic GRE translation from inside:10.0.0.72/1723 to
    outside:10.0.1.253/11 duration 0:00:31


    In the above:

    10.0.0.72 is my PC in the office
    10.0.1.253 is the PIX outside interface
    123.456.789.238 is the remote VPN server

    I get the 'verifying username/password' message and then it times out
    with a 721 or 619 error.

    The log looks as though my rules are allowing 1723 & GRE traffic
    through OK - can you help me with why these connections are failing?

    We connect to a number of VPN servers outside to support our client's
    networks, and they all behave the same way. We can access them fine if
    we don't go through the PIX.

    Cheers

    Rob
     
    info_removethis_, Apr 7, 2005
    #1
    1. Advertisements

  2. info_removethis_

    Dumbkid Guest

    Dumbkid, Apr 8, 2005
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.