
VPN Client thru PIX to PIX. Unable to get packets accross ..

Anonymous
July 15, 2004 10:49:54 AM

Archived from groups: comp.security.firewalls

Having a little bit of a problem here.

We are wanting to get a few select users access outbound to get to a
client's PIX that has vpn connection capability. I can get the VPN
tunnel established by allowing udp port 500 out. Once we get the
tunnel up we need to terminal service to a server that they have on
their network. When the tunnel comes up all I see is outgoing packets
and not any coming back in. Currently all our users get nat'd to the
same external IP. I have also tried with a static 1 to 1 nat,
allowing all tcp, udp and gre ports between pc and client's pix, with
the same result.

Does anyone know what to check for on why we can establish the tunnel,
but no received packets are coming thru?

Thanks for the help.

Nick
Anonymous
July 16, 2004 12:08:21 PM


"Nick C" <nick_carstensen@hotmail.com> wrote in message
news:ffa4ba31.0407150549.1edf27@posting.google.com...
> Having a little bit of a problem here.
>
> We are wanting to get a few select users access outbound to get to a
> client's PIX that has vpn connection capability. I can get the VPN
> tunnel established by allowing udp port 500 out. Once we get the
> tunnel up we need to terminal service to a server that they have on
> their network. When the tunnel comes up all I see is outgoing packets
> and not any coming back in. Currently all our users get nat'd to the
> same external IP. I have also tried with a static 1 to 1 nat,
> allowing all tcp, udp and gre ports between pc and client's pix, with
> the same result.
>
> Does anyone know what to check for on why we can establish the tunnel,
> but no received packets are coming thru?
>
> Thanks for the help.
>
> Nick
Try turning off Keepalives if the VPN client has the ability. The
keepalives use UDP port 500. The firewall will time out, and then what
look like unsolicited UDP packets attempting to come back in through the
firewall get dropped.
Sometimes the firewall is not set up properly to allow UDP 500 in and out
all the time.
J--
www.pccitizen.com Safe Computing, Home wired and wireless networking tips.
....You spend your whole life figuring out what you should have done with it,
let alone what it was all about. And then your children get to do it all
over again..
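The mechanism J describes (the firewall's UDP 500 state idling out, after which the peer's packets look unsolicited and are dropped) can be modelled with a toy stateful-inspection table. This is an added example, not code from the thread or from any PIX; the idle timeout, keepalive intervals and addresses are constructed, and the check it demonstrates is that traffic in at least one direction must recur more often than the firewall's UDP idle timeout.

```python
from dataclasses import dataclass

@dataclass
class Packet:
    t: float       # time in seconds
    src: str
    sport: int
    dst: str
    dport: int
    inbound: bool  # True when the packet arrives on the outside interface

class StatefulUdpFirewall:
    """Toy UDP state table: inbound is permitted only while a matching outbound flow is fresh."""
    def __init__(self, idle_timeout: float):
        self.idle_timeout = idle_timeout   # constructed value, not a real PIX default
        self.flows = {}      # (inside_ip, inside_port, outside_ip, outside_port) -> last seen
        self.dropped = []    # human-readable drop log, the kind of line you would look for

    def process(self, p: Packet) -> str:
        # Age out flows idle longer than the timeout; this is what strands the tunnel.
        for k in [k for k, seen in self.flows.items() if p.t - seen > self.idle_timeout]:
            del self.flows[k]
        key = (p.dst, p.dport, p.src, p.sport) if p.inbound else (p.src, p.sport, p.dst, p.dport)
        if not p.inbound or key in self.flows:
            self.flows[key] = p.t    # outbound creates state; any matching packet refreshes it
            return "permit"
        self.dropped.append(f"t={p.t:g} unsolicited UDP {p.src}:{p.sport} -> {p.dst}:{p.dport}")
        return "drop"

def simulate(idle_timeout, client_interval, peer_interval, duration=600):
    """Client sends IKE on UDP 500 at t=0 and then every client_interval (None = only once);
    the peer answers at t=1 and then sends its own keepalive every peer_interval.
    Returns the firewall verdict for each packet coming back from the peer."""
    client, peer = ("10.0.0.5", 500), ("198.51.100.1", 500)   # constructed addresses
    events = [(0.0, 0)]
    if client_interval:
        events += [(float(t), 0) for t in range(client_interval, duration, client_interval)]
    events += [(1.0 + n * peer_interval, 1) for n in range(int(duration // peer_interval) + 1)
               if 1.0 + n * peer_interval < duration]
    fw, verdicts = StatefulUdpFirewall(idle_timeout), []
    for t, who in sorted(events):
        if who == 0:
            fw.process(Packet(t, *client, *peer, False))
        else:
            verdicts.append(fw.process(Packet(t, *peer, *client, True)))
    return verdicts
```

With the client refreshing every 60 s against a 120 s timeout, every peer packet is permitted; with the client silent after the initial exchange and the peer speaking only every 180 s, everything after the first reply is dropped as unsolicited.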