VPN Client thru PIX to PIX. Unable to get packets accross established tunnel

- N
- Nick C
  
  Contact options for registered users
posted
19 years ago

Thu, Jul 15, 2004 10:49 AM

Having a little be of an problem here.

We are wanting to get a few select users access outbound to get to a client's PIX that has vpn connection capability. I can get the VPN tunnel established by allowing udp port 500 out. Once we get the tunnell up we need to terminal service to a server that they have on their network. When the tunnel comes up all I see is outgoing packets and not any coming back in. Currently all our users get nat'd to the same external IP. I have also tried with a static 1 to 1 nat, allowing all tcp, udp and gre ports between pc and client's pix, with the same result.

Does anyone know what to check for on why we can establish the tunnel, but no recived packets are coming thru?

Thanks for the help.

Nick

Loading thread data ...

- J
- John Loop
  
  Contact options for registered users
Vote on answer
posted
19 years ago

Fri, Jul 16, 2004 12:08 PM

Try turning off Keepalives if the VPN client has the ability. The keepalives use the UDP port 500. The firewall will timeout allowing the, what looks like unsolicited UDP packets attempting to come back into the firewall. Sometimes the firewall is not setup properly to allow the UDP 500 in and out all the time. ?? J--

formatting link

Safe Computing, Home wired and wireless networking tips. ....You spend your whole life figuring out what you should have done with it, let alone what it was all about. And then your children get to do it all over again..

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.