Posted by Doug McIntyre on May 20, 2008, 10:12 am
>I work from home as a software consultant, and one of the clients I
>work for has a VPN concentrator that I can not connect to with my PIX
>inline.

>I think I have narrowed it down to the VPN Adapter that is created
>when I connect to their concentrator.

Probably not..

>There is no 'Default Gateway'. With the PIX in line I can not connect
>to their server 192.168.15.2, etc.. With the Linksys in line every
>thing seems to work fine.

Do you have the PIX configured to let IPsec packets through?

sysopt connection permit-ipsec

I'm assuming you are already doing NAT-T on your VPN setup since you
say the Linksys one works.

>I'm guessing (as I'm no network guru) that the Linksys router is
>allowing ARP requests to traverse the device, and the PIX is blocking
>them since there is now pre-defined route, or maybe this guess is way
>off, I don't really know.

Yes, this guess is way off..

Posted by Tyler on May 20, 2008, 10:42 am
> Do you have the PIX configured to let IPsec packets through?
>
> sysopt connection permit-ipsec
>

I did not have this statement in my config. However, other sites that I VPN to worked fine, all "seem" to be configured using IPSec over UDP (NAT / PAT) in the Cisco VPN Client I'm using to connect to the client through my PIX / Linksys router.

I have added the statement to my PIX, but I haven't had a chance to test it yet as the PIX is currently not hooked up. I'll give it a test later today when I disconnect from the client I'm working with.

> I'm assuming you are already doing NAT-T on your VPN setup since you
> say the Linksys one works.
>
> >I'm guessing (as I'm no network guru) that the Linksys router is
> >allowing ARP requests to traverse the device, and the PIX is blocking
> >them since there is now pre-defined route, or maybe this guess is way
> >off, I don't really know.
>
> Yes, this guess is way off..

Thanks

Posted by Tyler on May 21, 2008, 11:47 pm
Any other ideas?

Posted by Marko Uusitalo on May 22, 2008, 4:00 am
Tyler wrote:
> Any other ideas?

Is the DNS server 192.168.1.10 in your network or across the VPN? This could be the problem. Can you connect using IP addresses only?

Regards,
Marko

Re: PIX 501 blocking inside to out arp requests
>router for my home. However, I have found one situation where I have
>to swap the 501 for a dumb Linksys router/NAT device.