[c-nsp] problems passing traffic once VPNed

Steve Lim limmer at core.com
Mon Mar 21 16:23:55 EST 2005 

If you're using NAT-T, make sure UDP Port 4500 is not blocked

And, if the VPN server is behind PIX B, you may need to set up a static 
NAT translation to that server per

http://www.cisco.com/en/US/tech/tk827/tk369/technologies_configuration_example09186a00800949c0.shtml


Ivan Lopez wrote:

>I added isakmp nat-traversal, same results. Can both firewalls have the same. When I analyze the statistics on my VPN client it
>shows some packets going out but none inbound. Can Ethereal be useful in troubleshooting this? I am constantly checking logs in the firewall to 
>see if something comes up. Any type of logging I should have set up on the Firewall to capture this?   
>
>
>Any ideas?
>
>thanks,
>-Ivan 
>
>
>
>
>
>
>
>
>Ivan
>
>You may want to try looking at
>
>	isakmp nat-traversal
>
>A quick search on cisco.com should give you enough information to 
>figure out if this is your problem and whether or not it is supported 
>on your PIX software version.
>
>Regards
>
>	Peter Walker
>
>--On 18 March 2005 20:01 -0500 Ivan Lopez <ilopez02 at earthlink.net <https://puck.nether.net/mailman/listinfo/cisco-nsp>> 
>wrote:
>
>  
>
>>/  I am very new in VPNs, and I inherited 2 pix firewalls in
>>    
>>
>/>/ different  locations, location (pix)A and location (pix)B.
>/>/
>/>/ I can VPN into them individually using  Cisco VPN client from home
>/>/ using  a simple broadband connection without any problems reaching
>/>/ the desired  traffic. However,  using the same VPN client when I do
>/>/ VPN from behind  the pix in  location A to (pix) location B, I can
>/>/ connect but then I  cannot pass any traffic or get anywhere at all.
>/>/ Both PIXes have similar   VPN related set ups. Anyone out there
>/>/ that has a clue of what I am  missing, I would sure appreciated any
>/>/ suggestions.
>/>/
>/>/
>/>/ thanks
>/>/ _______________________________________________
>/>/ cisco-nsp mailing list  cisco-nsp at puck.nether.net <https://puck.nether.net/mailman/listinfo/cisco-nsp>
>/>/ https://puck.nether.net/mailman/listinfo/cisco-nsp
>/>/ archive at http://puck.nether.net/pipermail/cisco-nsp/
>/>
>
>
>_______________________________________________
>cisco-nsp mailing list  cisco-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
>  
>


-- 
||||||||||||||||||||||||||||||||||||||||||||
Steve Lim, Network Engineering (Great Lakes)
Corecomm, An ATX Company   
PX: 877-557-2724

More information about the cisco-nsp mailing list