Cisco VPN Client 4.04 Rel to a PIX 506E connects, but no traffic

I configured a PIX 506E w/ v6.3 PixOS. I can connect just fine; however, I cannot see anything at all on the inside network. Here's my relevant config:

access-list nonatinside permit ip 192.168.20.0 255.255.255.0 192.168.21.0 255.255.255.0
!
ip local pool clientpool 192.168.21.10-192.168.21.25
!
sysopt connection permit-ipsec
crypto ipsec transform-set a-transform esp-3des esp-md5-hmac
crypto dynamic-map mydynmap 10 set transform-set a-transform
crypto map mymap 10 ipsec-isakmp dynamic mydynmap
!
isakmp policy 10 lifetime 86400
vpngroup testlogin address-pool clientpool
vpngroup testlogin dns-server 192.168.20.3 192.168.20.4
vpngroup testlogin default-domain mydomain.com
vpngroup testlogin split-tunnel nonatinside
vpngroup testlogin idle-time 32400
vpngroup testlogin password ********
!
GlenMorgan

Is this a PIX config? I think this is a router config. Anyway, if you are coming from behind a NAT or a PAT device to connect to the PIX, add the following command: isakmp nat-t 20

This should solve the problem. Make sure that in the VPN client, when you go to a connection entry and the Transport tab, you have checked the IPSec over UDP check box.

rave

In article , rave wrote:
:is this a pix config. i think this is a router config.

It was definitely a PIX configuration that the OP posted.

Walter Roberson

Well, I'm not sure why it's still not working. I've done this in the past with less configuration. Could it be the new client? I know this worked on a 3.x version.

GlenMorgan

In article , GlenMorgan wrote:
:I configured a PIX 506E w/ v6.3 PixOS. I can connect just fine however,
:I cannot see anything at all on the inside network. Here's my relevant
:config:
:access-list nonatinside permit ip 192.168.20.0 255.255.255.0 192.168.21.0 255.255.255.0
:ip local pool clientpool 192.168.21.10-192.168.21.25

Just to cross-check: you have a specific or default route on the PIX that would send packets for 192.168.21 towards the outside interface? The PIX needs the packets to be routed towards the interface the VPN is active on, and then it sort of redirects the packets at the last moment.

Walter Roberson
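
Added example, not part of the thread and not code from any poster: a small Python check for the routing cross-check raised above, namely whether the VPN client pool is routed toward the interface the VPN terminates on. The pool line is taken from the posted config; the route lines, gateway addresses and function names are constructed for illustration, and directly connected networks are not considered.

```python
import ipaddress
import re

# Constructed sample: pool line from the thread plus hypothetical route lines.
SAMPLE_CONFIG = """\
ip local pool clientpool 192.168.21.10-192.168.21.25
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
route inside 192.168.30.0 255.255.255.0 192.168.20.254 1
"""

def pool_ranges(config):
    """Return {pool_name: (first_ip, last_ip)} from 'ip local pool' lines."""
    pat = r"^ip local pool (\S+) ([\d.]+)-([\d.]+)"
    return {m.group(1): (m.group(2), m.group(3))
            for m in re.finditer(pat, config, re.M)}

def routes(config):
    """Return [(interface, network)] from 'route <if> <net> <mask> <gw>' lines."""
    found = []
    for m in re.finditer(r"^route (\S+) (\S+) (\S+) \S+", config, re.M):
        net = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}", strict=False)
        found.append((m.group(1), net))
    return found

def egress_interface(config, addr):
    """Longest-prefix match: interface whose static route covers addr, or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for ifname, net in routes(config):
        if ip in net and (best is None or net.prefixlen > best[1].prefixlen):
            best = (ifname, net)
    return best[0] if best else None

def check_pool_routing(config, vpn_interface="outside"):
    """Return {pool: bool}: are both ends of the pool routed out vpn_interface?"""
    return {name: all(egress_interface(config, ip) == vpn_interface for ip in ends)
            for name, ends in pool_ranges(config).items()}

if __name__ == "__main__":
    for pool, ok in check_pool_routing(SAMPLE_CONFIG).items():
        print(f"{pool}: {'routed via outside' if ok else 'NOT routed via outside'}")
```

A more specific static route pointing the pool subnet at the inside interface makes the check fail even when a default route on the outside exists, which is the case the cross-check is meant to catch.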
