VPN Client thru PIX to PIX. Unable to get packets across

Archived from groups: comp.security.firewalls

Having a little bit of a problem here.

We are wanting to get a few select users access outbound to get to a
client's PIX that has vpn connection capability. I can get the VPN
tunnel established by allowing udp port 500 out. Once we get the
tunnel up we need to terminal service to a server that they have on
their network. When the tunnel comes up all I see is outgoing packets
and not any coming back in. Currently all our users get nat'd to the
same external IP. I have also tried with a static 1 to 1 nat,
allowing all tcp, udp and gre ports between pc and client's pix, with
the same result.

Does anyone know what to check for on why we can establish the tunnel,
but no received packets are coming thru?

Thanks for the help.

Nick
  1. Archived from groups: comp.security.firewalls

    "Nick C" <nick_carstensen@hotmail.com> wrote in message
    news:ffa4ba31.0407150549.1edf27@posting.google.com...
    > Having a little bit of a problem here.
    >
    > We are wanting to get a few select users access outbound to get to a
    > client's PIX that has vpn connection capability. I can get the VPN
    > tunnel established by allowing udp port 500 out. Once we get the
    > tunnel up we need to terminal service to a server that they have on
    > their network. When the tunnel comes up all I see is outgoing packets
    > and not any coming back in. Currently all our users get nat'd to the
    > same external IP. I have also tried with a static 1 to 1 nat,
    > allowing all tcp, udp and gre ports between pc and client's pix, with
    > the same result.
    >
    > Does anyone know what to check for on why we can establish the tunnel,
    > but no received packets are coming thru?
    >
    > Thanks for the help.
    >
    > Nick
    Try turning off keepalives if the VPN client has the ability. The
    keepalives use UDP port 500. The firewall will time out allowing
    what look like unsolicited UDP packets attempting to come back into the
    firewall.
    Sometimes the firewall is not set up properly to allow UDP 500 in and out
    all the time.
    ??
    J--
    www.pccitizen.com Safe Computing, Home wired and wireless networking tips.
    ....You spend your whole life figuring out what you should have done with it,
    let alone what it was all about. And then your children get to do it all
    over again..