Cisco VPN client not passing data through PIX 501

Discussion in 'Cisco' started by Fred, Aug 29, 2006.

  1. Fred

    Fred Guest

    I have a pc with Cisco client installed that terminates on a PIX 501.
    when the local lan has a PIX outgoing the VPN comes up but no traffic will
    When the local lan has a Linksys or Dlink firewall/router everything works
    I tried changing MTU, went to 576 no change, I added ipsec nat transparency
    on the local (originating side) no change.. outgoing PIX is wide open, no
    access lists etc..

    any ideas?
    Fred, Aug 29, 2006
    1. Advertisements

  2. Hi Fred,

    You may be experiencing a "10 concurrent user" issue with your PIX 501

    Cisco PIX Security Appliance Licensing

    Hope this helps.

    Brad Reese
    Cisco IOS Software - Compatible Partner Matrix by Technology
    1293 Hendersonville Road, Suite 17
    Asheville, North Carolina USA 28803
    USA & Canada: 877-549-2680
    International: 828-277-7272
    Fax: 775-254-3558
    AIM: R2MGrant
    BradReese.Com - Global Cisco Systems Pre-Sales Support
    www.BradReese.Com, Aug 29, 2006
    1. Advertisements

  3. Could you clarify whether one PIX is involved or two?

    And if the outgoing PIX has no access lists, then it will prohibit
    some kinds of return traffic, because some kinds of return traffic
    look like "new" traffic.
    Walter Roberson, Aug 29, 2006
  4. Fred

    Fred Guest

    The 10 license count doesnt come in to play, there is only 2 other devices
    on it.

    I dont think it is an inbound problem on the pix, as everything else works

    setup is follows:

    client ====> pix a >=== internet =====>pix b (client establishes here)

    vpn establishes but no traffic passed

    client ====> netgear etc >=====internet ====== >pix b (client establishes

    vpn works normally
    Fred, Aug 29, 2006
  5. Fred


    Sep 21, 2006
    Likes Received:
    i've got the same problem. please help someone ;)
    sojjan, Sep 21, 2006
  6. Fred


    Sep 13, 2006
    Likes Received:
    turn on FIXUP (v6.XX) / INSPECTION (v7.XX) on "pix a".. it cud be fixup PPTP if u r using PPTP based tunnel or do a fixup of L2TP traffic if L2TP is used ....also even a static
    NAT on the PIX for the VPN client with a global public address will do the job for u...the issue is return traffic is not able to get in due to dynamic NAT....

    le me knw if my solution solves ur issue...
    swapnendu, Sep 23, 2006
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.