1. Home
  2. Cisco Systems
  3. Outbound VPN through a Pix 501

Outbound VPN through a Pix 501

I am trying to go "outbound" through a Cisco PIX 501.

I can not get it to work, although I swapped it out with a cheap SOHO Netgear firewall and there were no more issues.

All outbound traffic is open.

Ed,

Reply to
gencode
Loading thread data ...

In article , gencode wrote: :I am trying to go "outbound" through a Cisco PIX 501.

:I can not get it to work, although I swapped it out with a cheap SOHO :Netgear firewall and there were no more issues.

:All outbound traffic is open.

Is the PIX the VPN endpoint, or is a host the VPN endpoint with the traffic traveling through the PIX?

What VPN technology is it? PPTP? IPSec?

If it is a host with the Cisco VPN Client connecting to a remote Cisco VPN device (IOS Router, VPN Concentrator, PIX) then have the remote end turn on "nat traversal".

If it is a host with a different IPSec client and the remote end does not support nat traversal, then provided the PIX 501 is not -also- a VPN endpoint, turn on the isakmp esp-like fixup. This will only allow one inside host to connect outwards at a time.

If it is a different non-IPSec VPN client, such as one that requires GRE or other IP -protocols- (as opposed to TCP/UDP -ports-) then it is incompatible with Port Address Translation, and requires additional routable IP addresses to make it work.

Reply to
Walter Roberson

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.