Connecting a VPN behind cisco pix 515e firewall

prathiviji
Hi,

From one of the client machines, which is behind a Cisco PIX firewall, I am trying to connect to a remote machine using VPN. When I dial the connection, it stays at "Verifying username and password" and doesn't connect. What's the configuration issue in the Cisco PIX?

Any help will be much appreciated

thanks
Pradeep
  • +
    0 Votes
    bzaidipk

    First of all, specify which protocol you want to connect through. If it is PPTP, then PPTP port 1723 must be opened in the firewall at the other end. And use PPTP as the connection protocol while connecting from the client.

    Hope this will sort out the matter.

    Rehan

    +
    0 Votes
    jcummings

    I had the same issue. Along with allowing the usual protocols, I had to add a fixup line for PPTP.

    fixup protocol pptp 1723

    That along with these lines in the access list allowed me to VPN out:

    access-list 100 permit udp any any eq 1701
    access-list 100 permit tcp any any eq pptp
    access-list 100 permit udp any any eq isakmp
    access-list 100 permit udp any any eq 5500

    +
    0 Votes
    dotnetnoob

    I think I have the same problem. Trying to connect from behind a PIX 506e to a remote 506e with client 4.6...can't authenticate with the client.

    I can connect to the remote 506e when I test from locations outside this network.

    Is this a fixup issue? If so, what protocol needs to be fixed/no-fixed?

    +
    0 Votes
    alenstanojevic

    Try the alias command for that matter - it enables inside users to access company resources by their outside public IP addresses!
    Here is an article:
    http://www.cisco.com/warp/public/110/alias.html#topic1

    Hope it helps - did for me (after a week of seeking the solution)

    Regards,
    Alen

    +
    0 Votes
    cmesut

    On both the remote and the local PIX (where the VPN client is behind it), just apply:

    PixFrw# config term
    PixFrw(config)# fixup protocol pptp 1723
    PixFrw(config)# isakmp nat-traversal

    That's it ...Working great ...
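
The settings named in the answers above can be checked offline against a saved configuration. The following is an added example, not code from any poster in the thread: it reads a PIX configuration snippet, reports which of the VPN pass-through settings mentioned here are present, and lists `any any` permits that could be narrowed to the inside network and the VPN peer. The function name `audit` and the sample text are constructed for illustration.

```python
import re

# Port keywords used in the thread's ACL lines, resolved to port numbers.
PORT_NAMES = {"pptp": 1723, "isakmp": 500}
# Standard ports each tunnel type needs permitted.
NEEDS = {"PPTP control": ("tcp", 1723), "L2TP": ("udp", 1701),
         "IKE/ISAKMP": ("udp", 500)}

ACL_RE = re.compile(
    r"access-list\s+\S+\s+permit\s+(tcp|udp)\s+(.+?)\s+eq\s+(\S+)$")
PROMPT_RE = re.compile(r"^\S+#\s*")  # strips prompts like "PixFrw(config)# "


def audit(config_text):
    """Return (report, broad): settings found, and 'any any' permit lines."""
    lines, permits, broad = [], set(), []
    for raw in config_text.splitlines():
        line = PROMPT_RE.sub("", raw.strip())
        if not line:
            continue
        lines.append(line)
        m = ACL_RE.match(line)
        if not m:
            continue
        proto, addrs, port = m.groups()
        port = str(PORT_NAMES.get(port, port))
        if port.isdigit():
            permits.add((proto, int(port)))
        if addrs == "any any":
            broad.append(line)  # candidate for narrowing to known hosts
    report = {name: need in permits for name, need in NEEDS.items()}
    # PPTP inspection lets the GRE data channel follow the TCP 1723 session.
    report["PPTP fixup"] = "fixup protocol pptp 1723" in lines
    report["IPsec NAT traversal"] = any(
        l.startswith("isakmp nat-traversal") for l in lines)
    return report, broad


# Constructed sample: the fixup and ACL lines quoted in the thread.
SAMPLE = """\
PixFrw(config)# fixup protocol pptp 1723
access-list 100 permit udp any any eq 1701
access-list 100 permit tcp any any eq pptp
access-list 100 permit udp any any eq isakmp
access-list 100 permit udp any any eq 5500
"""

if __name__ == "__main__":
    report, broad = audit(SAMPLE)
    for name, present in report.items():
        print(f"{name:22} {'present' if present else 'MISSING'}")
    print(f"{len(broad)} permit line(s) use 'any any'")
```

On the sample, every item is reported present except IPsec NAT traversal, which is the line the last answer adds.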
