Firewall Wizards: Re: Cisco VPN Client Behind a Cisco PIX or Router


From: james <james_at_jdfogg.com>
Date: 01 Sep 2004 15:16:09 -0400

On Wed, 2004-09-01 at 12:42, Al Cooper wrote:
> I have configured a Cisco VPN Client (4.6.00) to connect to a Cisco PIX
> 515E [6.3(3)]. The VPN works great except when the VPN client is behind
> another PIX or a Cisco router. If the VPN client behind a PIX or a Cisco
> router I can make the initial connect fine but I cannot pass any traffic
> (pings time out and protocols do not connect).
>
> If I am behind my Linux (IPCop) firewall or at a hotel (unknown firewall,
> probably a cable modem) I do not have a problem. I can connect and pass
> traffic.

I have run into this also; it has to do with the PIX not having an IPSec
proxy. I did get some help once but never got it to run. As I recall, you
need to allow IP port 50 inbound through the PIX that is shielding the
client. Someone clued me in to why the solution may not have worked for
me - I had random sequence numbers enabled and that will break IPSec.

Received on Sep 01 2004
