Posted by on June 8, 2006, 5:43 am
Hi.
I have set up a tunnel between my router at home, and a PIX 515 at
work, and have several thin clients (Wyse) connect to a terminal server
at work. This all works fine. Now I use my laptop, also from home, and
a Cisco VPN client to connect to another PIX (customer), and that also
works fine, but after I have connected using the VPN client, the tunnel
to work doesn't work any more. The tunnel is not down (still connected at
both ends) but the thin clients can't get any traffic through. Manually
taking the tunnel down and creating it again does not help, the only
way is to reset the router.
I thought that when IPSEC Pass Through was enabled on the router the
VPN Client just passed through that, and didn't conflict with the
Router2Pix tunnel, but I guess I'm wrong.
I have tried with different VPN routers (D-link, Linksys, etc.) but
they all have the same problem.
Any help or experience would be greatly appreciated.
Jorgen D.
Posted by BradReese.Com on June 11, 2006, 7:48 pm
Hi Jorgen,
You must configure NAT Transparency on the PIX.
The IPSec NAT Transparency feature introduces support for IPSec traffic
to travel through NAT or Point Address Translation (PAT) points in
the network by addressing many known incompatibilities between NAT and
IPSec.
NAT Transparency uses User Datagram Protocol (UDP) port 4500 to
encapsulate IPSec packets.
By default, PIX drops all inbound connections coming from the outside.
You must open this port for NAT Transparency to work.
Issue this command:
Pix#config t
Pix(config)#isakmp nat-traversal
IPSec NAT Transparency:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080110bca.html
NAT Traversal is a feature that is auto-detected by VPN devices.
There are no configuration steps for a router that runs Cisco IOS®
Software Release 12.2(13)T and later.
If both VPN devices are NAT Transparency capable, NAT Traversal is
auto-detected and auto-negotiated.
Hope this helps.
Brad Reese
BradReese.Com - Cisco Network Engineer Directory
http://www.bradreese.com/network-engineer-directory.htm
1293 Hendersonville Road, Suite 17
Asheville, North Carolina USA 28803
USA & Canada: 877-549-2680
International: 828-277-7272
Fax: 775-254-3558
AIM: R2MGrant
Website: http://www.bradreese.com/contact-us.htm
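
The UDP port 4500 encapsulation described in the reply above, as an added example that is not part of the original thread: a Python classifier for UDP/4500 payloads following RFC 3948 (non-ESP marker for IKE, ESP-in-UDP, NAT keepalive), for checking a capture to see what a NAT-T session is actually sending. The function names and the sample payloads are constructed for illustration.

```python
import struct

NON_ESP_MARKER = b"\x00" * 4            # RFC 3948: precedes IKE messages on port 4500
IKE_HDR = struct.Struct("!8s8sBBBBII")  # ISAKMP header, 28 bytes


def classify_natt_payload(payload: bytes) -> dict:
    """Classify the UDP payload of one port-4500 datagram."""
    if payload == b"\xff":
        # One 0xFF byte: keepalive that holds the NAT mapping open.
        return {"kind": "nat-keepalive"}
    if len(payload) < 4:
        return {"kind": "malformed", "reason": "too short"}
    if payload[:4] == NON_ESP_MARKER:
        # A zero "SPI" can never be real ESP, so this is IKE.
        body = payload[4:]
        if len(body) < IKE_HDR.size:
            return {"kind": "malformed", "reason": "truncated IKE header"}
        i_spi, _r_spi, _np, ver, exch, _flags, _mid, length = IKE_HDR.unpack_from(body)
        return {"kind": "ike", "initiator_spi": i_spi.hex(),
                "version": f"{ver >> 4}.{ver & 0x0F}",
                "exchange_type": exch, "length": length}
    if len(payload) < 8:
        return {"kind": "malformed", "reason": "truncated ESP header"}
    # Anything else starts with a non-zero SPI: ESP carried inside UDP.
    spi, seq = struct.unpack_from("!II", payload)
    return {"kind": "esp-in-udp", "spi": f"0x{spi:08x}", "seq": seq}


def constructed_samples() -> list:
    """Hand-built payloads for illustration, not captured traffic."""
    ike = NON_ESP_MARKER + IKE_HDR.pack(bytes(range(1, 9)), bytes(8),
                                        1, 0x10, 2, 0, 0, IKE_HDR.size)
    esp = struct.pack("!II", 0xC0FFEE01, 7) + bytes(16)
    return [ike, esp, b"\xff", b"\x00\x00\x00\x00\x01"]


if __name__ == "__main__":
    for sample in constructed_samples():
        print(classify_natt_payload(sample))
```

If a capture of the VPN client's traffic shows IP protocol 50 (native ESP) rather than UDP/4500 payloads like these, NAT traversal was not negotiated for that session.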