Router2Pix tunnel and VPN Client at the same time

Router2Pix tunnel and VPN Client at the same time jdk 06-08-2006
Posted by on June 8, 2006, 5:43 am
Hi.

I have set up a tunnel between my router at home and a PIX 515 at
work, and have several thin clients (Wyse) connect to a terminal server
at work. This all works fine. Now I use my laptop, also from home, and
a Cisco VPN client to connect to another PIX (customer), and that also
works fine, but after I have connected using the VPN client, the tunnel
to work doesn't work any more. The tunnel is not down (still connected at
both ends) but the thin clients can't get any traffic through. Manually
taking the tunnel down and creating it again does not help; the only
way is to reset the router.

I thought that when IPSEC Pass Through was enabled on the router the
VPN Client just passed through that, and didn't conflict with the
Router2Pix tunnel, but I guess I'm wrong.

I have tried with different VPN routers (D-link, Linksys, etc.) but
they all have the same problem.


Any help or experience would be greatly appreciated.
Jorgen D.


Posted by BradReese.Com on June 11, 2006, 7:48 pm
Hi Jorgen,

You must configure NAT Transparency on the PIX.

The IPSec NAT Transparency feature introduces support for IPSec traffic
to travel through NAT or Point Address Translation (PAT) points in
the network by addressing many known incompatibilities between NAT and
IPSec.

NAT Transparency uses User Datagram Protocol (UDP) port 4500 to
encapsulate IPSec packets.

By default, PIX drops all inbound connections coming from the outside.

You must open this port for NAT Transparency to work.

Issue this command:

Pix#config t
Pix(config)#isakmp nat-traversal

IPSec NAT Transparency:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080110bca.html

NAT Traversal is a feature that is auto-detected by VPN devices.

There are no configuration steps for a router that runs Cisco IOS®
Software Release 12.2(13)T and later.

If both VPN devices are NAT Transparency capable, NAT Traversal is
auto-detected and auto-negotiated.

Hope this helps.

Brad Reese
BradReese.Com - Cisco Network Engineer Directory
http://www.bradreese.com/network-engineer-directory.htm
1293 Hendersonville Road, Suite 17
Asheville, North Carolina USA 28803
USA & Canada: 877-549-2680
International: 828-277-7272
Fax: 775-254-3558
AIM: R2MGrant
Website: http://www.bradreese.com/contact-us.htm
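
Added example, not part of either post above: a Python classifier for the UDP payloads seen on port 4500 once NAT traversal has been negotiated, for checking a packet capture taken at the home router. The framing rules (four zero bytes before IKE, a single 0xFF keepalive byte, otherwise an ESP header) are taken from RFC 3948 rather than from this thread; the function names and the sample datagrams are constructed for illustration.

```python
import struct
from collections import Counter

NATT_PORT = 4500                           # UDP port named in the post
NON_ESP_MARKER = b"\x00" * 4               # RFC 3948: precedes IKE on port 4500
IKE_HEADER = struct.Struct("!8s8sBBBBII")  # ISAKMP/IKE fixed header, 28 bytes
ESP_HEADER = struct.Struct("!II")          # SPI, sequence number

def classify_natt_payload(payload: bytes) -> dict:
    """Classify the UDP payload of one datagram on port 4500."""
    if payload == b"\xff":
        return {"kind": "nat-keepalive"}
    if payload[:4] == NON_ESP_MARKER:
        ike = payload[4:]
        if len(ike) < IKE_HEADER.size:
            return {"kind": "malformed", "reason": "truncated IKE header"}
        _i, _r, _np, version, exchange, _fl, _mid, length = IKE_HEADER.unpack_from(ike)
        return {"kind": "ike", "major_version": version >> 4,
                "exchange_type": exchange, "length": length}
    if len(payload) < ESP_HEADER.size:
        return {"kind": "malformed", "reason": "too short for ESP"}
    spi, seq = ESP_HEADER.unpack_from(payload)
    return {"kind": "esp-in-udp", "spi": spi, "seq": seq}

def summarize(datagrams):
    """Count payload kinds for (src_port, dst_port, payload) tuples on UDP 4500."""
    counts = Counter()
    for sport, dport, payload in datagrams:
        if NATT_PORT in (sport, dport):
            counts[classify_natt_payload(payload)["kind"]] += 1
    return dict(counts)

# Constructed sample datagrams (not taken from a real capture).
IKE_SAMPLE = NON_ESP_MARKER + IKE_HEADER.pack(b"A" * 8, b"B" * 8, 8, 0x10, 5, 1, 0x1234, 28)
ESP_SAMPLE = ESP_HEADER.pack(0xC0FFEE01, 7) + b"\x00" * 32
SAMPLE = [
    (4500, 4500, IKE_SAMPLE),
    (4500, 4500, ESP_SAMPLE),
    (4500, 4500, b"\xff"),
    (500, 500, IKE_SAMPLE[4:]),   # plain IKE on UDP 500, ignored by summarize()
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

If a capture shows IKE on UDP 500 but no `esp-in-udp` datagrams on 4500, NAT traversal was not negotiated for that session.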

