Re: Cisco VPN Connection Problems



 
I logged a support call with Microsoft for this problem and they confirmed that it was a problem with the PIX firewall. I managed to get two sites to enable NAT-T and transparent tunneling and could then connect fine to the remote network.
 
 
This link seemed to help the most (section 5.2):-
http://www.internetaccessmonitor.com/eng/products/articles/How_to_pass_IPSec_traffic_through_ISA_Server/How_to_pass_IPSec_traffic_through_ISA_Server.php
 
 
As I'm not a Cisco expert, I am not sure what needed to be done on the Cisco firewall, but this is the reply I had from one site:-
-------
Simply went onto the firewall .. enable .. configure terminal ... crypto isakmp nat keepalive 20
 
I did do one other thing although this shouldn't have affected what you were trying to do ..... enable .. configure terminal .. isakmp ... sh
 
I think that it was the first bit that did it; it takes about five minutes to start accepting connections though.
----------
 
 
It would be great if I could get detailed instructions of what needed to be done, as I am sure I will get more Cisco sites in the future to connect to.
 
 
"ZVR" <nospamever@xxxxxx> wrote in message news:NaCdnbApQfs7VsveRVn-rQ@xxxxxxxxxx...
> "Chris Rees" <chrisr@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:enFzkgP1FHA.1564@xxxxxxxxxxxxxxxxxxxx...
>> Hi ZVR,
>>
>> Thanks for the article.  Does it mean that I need to get PIX configured as
>> per section 5.2?
>
> You should have both your clients and the PIX device configured to support
> NAT-T via UDP encapsulation. The Cisco VPN client has an option for that,
> and as I was saying on the PIX side this is not an issue with newer
> firmware, check with the PIX support person and they might be able to tell
> you.
>
> Virgil
>
>
