[c-nsp] Allow EZVpn through PIX
Bob Fronk
bobfronk at gmail.com
Mon May 22 15:35:49 EDT 2006
Thanks for your input; however, I got the issue resolved.
We needed the fixup protocol esp-ike command. So the relevant commands are:
fixup protocol esp-ike
access-list 101 permit ah any any
access-list 101 permit esp any any
access-group 101 in interface outside
Bob Fronk
bobfronk at gmail.com
> -----Original Message-----
> From: Bruce Pinsky [mailto:bep at whack.org]
> Sent: Monday, May 22, 2006 3:22 PM
> To: Bob Fronk
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Allow EZVpn through PIX
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Bob Fronk wrote:
> > We have a sub-contractor that does some work for us. In order for one
> > device at their office to connect to our network, we have installed an
> 831
> > setup as an EZVPN remote. The 831 connects back to a PIX on our
> network.
> >
> >
> >
> > Recently the sub-contractor placed a PIX on their network. (They were
> using
> > a Linksys router before). Now the 831 cannot connect back to my PIX.
> The
> > tunnel comes up, but no traffic will pass.
> >
> >
> >
> > We have tried various things to get this to work. (allowed ports, added
> > static maps, etc) but so far, nothing is helping.
> >
> >
> >
> > Any ideas appreciated.
> >
>
> Check out:
>
> LAN-to-LAN and EzVPN Client on PIX with VPN Client Access to a Hub Router
> using ISAKMP Profiles Configuration Example
>
> http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configurati
> on_example09186a008032cd24.shtml#t4
>
> - --
> =========
> bep
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2.2 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFEcg9nE1XcgMgrtyYRAsnfAJ4hcsBQfQFeN64/88Ca0Vw/1fvlpwCg+UyJ
> ktlylfxchXPidg/67nfQikQ=
> =0Tx2
> -----END PGP SIGNATURE-----
More information about the cisco-nsp
mailing list