sorry about the cryptic msg. earlier, i realised that there were a few more
errors in the config as well..
* use aaa and specify local authentication (you can use radius or tacacs)
* specify terminate-from hostname (NAS) local name (HGW)
Rest all seems to be ok...
On the router, turn debug
Thanks Nick but I am using Win2K server authentication , and not the Radius
server or any ACS server , how should I go about then ?
I am now able to get the establish the connection and the tunnel is created
as well
and I am getting the following message as well :
4#
r4#
r4#sh vpdn
%No
Hi All ,
I am facing an error for accessing my network from my lap top via VPN
which had windows Millimieum to my router which has got a static Ip address
from the bri0/0 interface .
I want to connect to my win2K server which is configured as a domain
controller on the ethernet
From what I remember you need a particular version of DUN (Dial up network)
I think it was 4.3 . Check the CCO under TEchnical Documents -- VPN
Nick
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=30168t=30072
--
FAQ, list
Win 98 second edition has it already as an adapter
-Original Message-
From: Nick S. [mailto:[EMAIL PROTECTED]]
Sent: 27 December 2001 12:33 PM
To: [EMAIL PROTECTED]
Subject: RE: how do I add the vpn dial network adapter in win98
[7:30072]
From what I remember you need a particular
aah... Didnt know that, I had worked on it twice, once with a WIN95 and at
other time with WIN98 (first edition), and both the times we had to download
the DUN.
thanks
Nick
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=30174t=30173
It's not in network properties, It's in...
StartSettingsControl Panel Add Remove SoftwareWindows
SetupCommunications VPN Adapter.
-Original Message-
From: Nick S. [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 27, 2001 5:33 AM
To: [EMAIL PROTECTED]
Subject: RE: how do I add the vpn
Off topic VPN comment. My employer is FINALLY moving to VPN access to our
company network. This instead of that crappy ISDN RAS telco solution they've
been running for years. I'm so lucky to have been chosen as one of the beta
testers. Probably because I've been complaining so loud for so long
Sound's like you don't have AOL!
I rolled out a 3015 VPN concentrator (Altiga) not too long ago for a client
who had a ton of roaming sales people and outside vendors that I got working
with this. Found out the hard way that AOL will overwrite .dll's used by the
Cisco client software. Don't know
You do indeed hope that it's one of their VPN Concentrators... I've
set up three of those things for three different clients in the past
three weeks. They are super sweet!
My favorite installation so far was integrated into the networks OSPF
routing domain, and utilized SecureID/Radius
Follow these steps to add the virtual private network (VPN) component of
Windows 98:
Double-click My Computer, then Control Panel, and finally Add/Remove
Programs.
Select the Windows Setup tab, then double-click Communications.
Check the box next to Virtual Private Networking.
Click OK
We have a DSL line connected through a Cisco 800 series router. The
connection is very fast until the checkpoint client software is activated to
access a checkpoint firewall vpn in the corporate office. This slows down
the connection drastically. What in the VPN could cause this? I just want
can you clarify for me?
HQinternet827bunch of PC's
PC's are running the Checkpoint VPN client. VPN tunnels go from PC to HQ
Checkpoint device, with the 827 doing only routing/bridging ( depending on
how the ISP is set up )
Is this correct?
When you say the connection slows down
I don't know much about CheckPoint's VPN solutions but the logical
things that could cause degradation in performance could be either
client PC's that now with VPN are required to encrypt/decrypt data,
the end point machine that has to do the same things, some issues within
the infrastructure
I hope this answers your question about esp rules working through your f/w.
ESP uses protocol 50, but you have to set ip filters for tcp and udp as
well. You did not say what type of vpn box you are using, so you will need
to verify. Also, if you have a Net Ranger or similar device, you might
Hi, does anyone know what rule should allow ESP back thru a FW-1 firewall
from a VPN concentrator ? I have it coming INBOUND ok, but the replies get
dropped on the FW internal rule. Very odd.
??
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=29759t=29759
Hello,
I followed this link to configure a 1605 router to
CheckPoint 4.1:
http://www.cisco.com/warp/public/707/cp-r.shtml
My network is:
192.168.2.1-(1605)-16.191.40.9916.191.40.39-(checkpoint)-192.168.1.1
VPN tunnel could not established, here is the debug
output from 1605 router:
00:01
Hi,
I have to configure Cisco 801 with IP/Fw plus IPSec feature pack as a VPN
client for PIX 6.0 What details and information do I need from the PIX side
to configure 801.
Swapnil
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=29271t=29271
with IP/Fw plus IPSec feature pack as a VPN
client for PIX 6.0 What details and information do I need from the PIX side
to configure 801.
Swapnil
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=29281t=29271
--
FAQ, list archives
example
close to what you are seeking.
http://www.cisco.com/warp/public/707/index.shtml#pix
Swapnil Jain wrote:
Hi,
I have to configure Cisco 801 with IP/Fw plus IPSec feature pack as a
VPN
client for PIX 6.0 What details and information do I need from the PIX
side
to confi
Hi,
I have to configure Cisco 801 with IP/Fw plus IPSec feature pack as a VPN
client for PIX 6.0 What details and information do I need from the PIX side
to configure 801.
Swapnil
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=29172t=29172
Folx,
Ther serial port of my router is connected to PVT network and ethernet is
connected to Internet,throught which i am going to establish VPN(Ipsec).
My question are...
1)I am not running nat on my router,do i still need to add the following on
my router...
access-list 130 deny ip 10.65.0.0
Ramesh c wrote:
Ther serial port of my router is connected to PVT network and
ethernet is connected to Internet,throught which i am going to
establish VPN(Ipsec).
My question are...
1)I am not running nat on my router,do i still need to add the
following on my router...
access-list 130
Hi Everybody,
I have two Nortels contivity 1600 VPN appliance,and one contvity-1600 i got
128 bit encryption but in another end i have 56 DES option.so i want to
upgrade this to 128 DES.Please help to get the solution.
Regards
Rajneesh
Message Posted at:
http://www.groupstudy.com/form
On Apr 27, 6:24pm, Chuck Larrieu wrote:
}
} one interesting solution I heard was to require two partitions on the hard
} drive. One partition boots to the VPN, the other to normal use. completely
} separate OS installations on both, so that if the non VPN partition is
} compromised, it still
Folx,
1)I have set VPN between 2 private networks over the internet.I want to know
how the packets are forwarded to the destination Or in other words what
really happens on the router when a packet for VPN arrives?
I got a static route
ip route 0.0.0.0 0.0.0.0 210.23.5.6
2)Do i need to enable
Hi Ramesh,
When the VPN is established, the originating host will encrypt the packet
with a key, and send across the internet via a virtual tunnel. When the
destination receive the packet, the VPN box will decrypt the packet with
the same key.
If you are connecting to the destination private
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
user true
Sent: Wednesday, December 05, 2001 9:39 PM
To: [EMAIL PROTECTED]
Subject: VPN/Frame redundant connection? [7:28252]
Hi All...
I have been put into a project where someone else pitched a solution
I try to explain what I mean :
You have a mobile user who uses your VPN. You have an L2TP or Layer 3
transport agreement some of the ISPs (exp : ATT)
Now if your user call ISP which has an agreement with you, this user
transported to you. And you authenticate again (if you want) than give
him
.
all is takes is *ONE* machine with BO on it to wreak havoc on a network!
-Patrick
SentinuS 12/05/01 04:42AM
I try to explain what I mean :
You have a mobile user who uses your VPN. You have an L2TP or Layer 3
transport agreement some of the ISPs (exp : ATT)
Now if your user call ISP which
software and presto, their machine has a nasty virus/worm/trojan. That
nicely designed, expensive VPN cannot stop this.
I understand perfectly that there are VPN technologies that can pretty
sucessfully ensure that an uncompromised machine stays uncompromised, _just
as long as the user does what
on the hard
drive. One partition boots to the VPN, the other to normal use. completely
separate OS installations on both, so that if the non VPN partition is
compromised, it still does not effect the other. anyone heard of this or
doing it now? any comments?
Chuck
-Original Message-
From: [EMAIL
Hi All...
I have been put into a project where someone else pitched a solution to
implement a redundant connection over a dedicated private line (56K) and a
VPN internet connection (frac T1). the hardware are 2 cisco 2611 routers
with the 2 ethernet interfaces, 2 watchguard firebox 1000's
Hi All...
I have been put into a project where someone else pitched a solution to
implement a redundant connection over a dedicated private line (56K) and a
VPN internet connection (frac T1). the hardware are 2 cisco 2611 routers
with the 2 ethernet interfaces, 2 watchguard firebox 1000's
Hi corness,
Thanks fer your earlier replies
My setup as follows..
pvt network-RouterInternet-Pixpvt network
I want to do a VPN between the private networks using ipsec.I am concerned
with router side.The s0 (10.1.0.1/24) of router is connected to pvt network
and e0
I'm not sure I follow...
At any time, regardless of protocol, a remote user coming in on a vpn has
the potential to bring a hacker in with him.
SentinuS 12/01/01 08:35AM
May be. But if you use L2TP or Layer 3 transport on VPN, all your
mobile users could be Local. Thus you don't need
Not sure what you mean by this. The VPN technology used is irrelevant. If
I have a home user who uses their laptop to access the Internet, there are
various ways that machine could become compromised. If that user then
attaches to the VPN, I have a machine on my VPN that is compromised
May be. But if you use L2TP or Layer 3 transport on VPN, all your
mobile users could be Local. Thus you don't need to additional
security on your Mobile user (I mean firewall or anti-virus app.)
SentinuS
Friday, November 30, 2001, 6:07:02 PM, you wrote:
KH Your right, but it is nearly
Hi guys,
Is there any site which give details(Configuration,specs)abt VPN between
Pix firewall and checkpt firewall using IPSec.
TIA
Cheers
Ramesh
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27787t=27787
--
FAQ, list
do a search on the cco and this comes up.
http://www.cisco.com/warp/public/707/cp-r.shtml
jason
-Original Message-
From: Ramesh c [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 30, 2001 05:04 AM
To: [EMAIL PROTECTED]
Subject: VPN between Checkpoint and Pix [7:27787]
Hi guys
answer 'yes'. If there's no prompt and the software doesn't work,
they may just disable their firewall. (yes, it does happen) The problem is
worse if users use their home machines for VPN access. If they use company
assigned laptops with WinNT or 2K, you can fix some of this by not giving
them
Maby i am asking to much ;)
anyway, here goes 'nothing';
Can anyone show me a sample config(or a url) for a VPN on a router 1720?(
assuming it connects through a frame-relay cloud)
thanks in advance
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27841t=27841
anyway, here goes 'nothing';
Can anyone show me a sample config(or a url) for a VPN on a router 1720?(
assuming it connects through a frame-relay cloud)
thanks in advance
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=2784
Good timing Paul, I just installed a VPN module in a 1720 last week. I
have configured the router (after updating the IOS) to establish a
tunnel as a simple router to router peer over the internet, but it is
not complete because the other side is not completely installed yet.
Here
authentication can completely
fix that. When prompted about a new app trying to reach the Internet, they
may just answer 'yes'. If there's no prompt and the software doesn't work,
they may just disable their firewall. (yes, it does happen) The problem is
worse if users use their home machines for VPN
Just want to say thankx to Murphy and Steve for helping out.
Thank you.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27858t=27858
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report
just answer 'yes'. If there's no prompt and the software doesn't work,
they may just disable their firewall. (yes, it does happen) The problem is
worse if users use their home machines for VPN access. If they use company
assigned laptops with WinNT or 2K, you can fix some of this by not giving
Is there a way to configure a cisco PIX so that a user with a VPN client
connects to the internal network and can also connects to the internet
without doing a split tunnel on a windows 2000 professional? This would in
essence make the remote workstation part of the internal network. Thank
Don't enable split tunneling on the concentrator for that grop when
using the Cisco VPN client or simply route all traffic through the VPN
tunnel.
-Jake
-Original Message-
From: John Chang [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 30, 2001 1:29 PM
To: [EMAIL PROTECTED]
Subject
I know but how do you make it so that the client using the VPN client can
access the internet with netscape or whatever without doing a split tunnel.
At 01:48 PM 11/30/2001 -0600, Gibb, Jake wrote:
Don't enable split tunneling on the concentrator for that grop when
using the Cisco VPN client
to take advantage of the clients local ISP connection
for unknown IP requests that are not in our split tunneling list.
-Original Message-
From: John Chang [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 30, 2001 1:56 PM
To: Gibb, Jake; [EMAIL PROTECTED]
Subject: RE: VPN client, PIX
Do I have to do anything fancy to the PIX box to allow the client to do
e-mail, netscape, ftp, or whatever on the internet? What do you
mean about DNS settings on the client? The DNS server will be on the
outside. We are not using a VPN concentrator.
At 01:55 PM 11/30/2001 -0600, Gibb
, November 30, 2001 4:04 AM
To: [EMAIL PROTECTED]
Subject: VPN between Checkpoint and Pix [7:27787]
Hi guys,
Is there any site which give details(Configuration,specs)abt VPN between
Pix firewall and checkpt firewall using IPSec.
TIA
Cheers
Ramesh
Message Posted at:
http://www.groupstudy.com/form
You could also try firetower.com - a good security consulting firm.
From: Paul Holloway
Reply-To: Paul Holloway
To: [EMAIL PROTECTED]
Subject: RE: VPN between Checkpoint and Pix [7:27787]
Date: Fri, 30 Nov 2001 20:05:29 -0500
Ramesh,
Here is what you are looking for:
http://www.cisco.com
Hi Guys;
I wonder that VPN is a Backdoor? I really need answers. Please do it.
thanks
SentinuS
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27725t=27725
--
FAQ, list archives, and subscription info: http
VPN could be considered a backdoor. If Joe User has a broadband
connection at home with no firewall or local client firewall installed
then when he/she connects to your VPN that is essentially a conduit for
attackers to potentially compromise. This is an issue that I am dealing
with now. Ciscos
working on this scenario now as well. I am attempting to come up with
a best practice for cleaning a machine, installing a firewall, etc for
any vpn client. Let me know how yours goes!
-Patrick
Gibb, Jake 11/29/01 03:53PM
VPN could be considered a backdoor. If Joe User has a broadband
I recently installed a VPN at work (city goverment). You would be much
better off disabling split-tunneling at the concentrator level rather
than trying to push it out to each client. That will stop your
back doors. And yes, it even cuts out all connections on a local network. I
have
4 machines
The new version 3.5 of Cisco VPN Client allows local LAN browsing access
with split tunneling. I know there is a big debate over sending all of
your traffic over the VPN just to get to a website that's up the street.
We have multiple PIX firewalls in failover configuration at our head
office
But I think VPN is not Backdoor if you use right Security Policy and
right configuration. There is one issue : Client. If you can secure
your client, there is no weakness.
Thursday, November 29, 2001, 11:47:08 PM, you wrote:
PR Even then though, you're not secure. If the box is compromised
In Texas, USA
Nat Heidler wrote:
I recently installed a VPN at work (city goverment). You would be much
better off disabling split-tunneling at the concentrator level rather
than trying to push it out to each client. That will stop your
back doors. And yes, it even cuts out all connections on a local
In Texas, USA
Nat Heidler wrote:
I recently installed a VPN at work (city goverment). You would be much
better off disabling split-tunneling at the concentrator level rather
than trying to push it out to each client. That will stop your
back doors. And yes, it even cuts out all connections on a local
Hello,
I've got clients using Cisco VPN client connect to VPN
concentrator at HQ. There are some clients have to be
NATed twice. Will this work? Theriotically, I think it
should work, but it's not documented on CCO. Anyone
got a link?
Thanks in advance.
Jim
: VPN nat twice [7:27589]
Hello,
I've got clients using Cisco VPN client connect to VPN
concentrator at HQ. There are some clients have to be
NATed twice. Will this work? Theriotically, I think it
should work, but it's not documented on CCO. Anyone
got a link?
Thanks in advance.
Jim
Is anyone aware of a known incompatibility with Windows 2000 Pro Internet
Connection Sharing and the Cisco VPN client. It would appear that I connect
to the concentrator but there isn't any traffic going across the pipe.
My configuration is as such
Computer w/ Cisco VPN client -- Win2K w
I like to run Win2K VPN server behind the cisco PIX 520 firewall and
wonderig what port would I need to open on PIX so it sends all vpn
requests to Win2K box running behind the PIX or on SSN.
Has anyone done this ? ANy recommendation would be helpful..
thanks
Inamul
Message Posted at:
http
Inamul-
I run a similar setup with no problem. Here's a snipet of the PIX config.
---
! maps private address to real IP where 172.20.1.65 is MS VPN server.
static (inside,outside) A.B.C.D 172.20.1.65 netmask 255.255.255.255 0 0
! permits ports
On the PIX, you need to open port tcp 1723 and GRE 47, assuming that you
are using Microsoft PPTP buggy stuff.
- Original Message -
From: Inamul
To:
Sent: Tuesday, November 20, 2001 2:15 PM
Subject: What port for Win2K VPN [7:26897]
I like to run Win2K VPN server behind the cisco
Thank you for your help, this will be temorary solution
so MS buggy software will do it for now as VPN has
to be up by tomorrow.
Eventually, I would like to use PIX vpn sollution
but do not much about PIX yet and do not have
time to spend days to figure it out. I will be using
PIX later when I
It's supposed to allow you to manage multiple VPN tunnels using Cisco
PIX firewalls and VPN concentrators. I am trying to get a copy from
Cisco now.
-Jake
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Hansraj Patil
Sent: Friday, November 16, 2001 5
In order to enable the vpn between the cisco 3640 with vpn function and the
win2000,and communicate between both private networks. When the packets
outbound into other side private network,if their real destination ip
address is hided inside the packets and the destination ip address routed
If I understand you correctly, yes. The real destination IP is hidden, and
the destination IP address visible to the internet is the VPN server on the
other side.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=26511t=26452
--
FAQ
connected to our LAN through VPN but the static client can not. He can only
access the internet when disconnected from our LAN. I would like the static
client to be able to access the Internet while connected to our LAN as well.
Any ideas?
Thanks,
John
Message Posted at:
http
Never heard of this VPN monitoring software.
What does it do ?
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Gibb, Jake
Sent: Wednesday, November 14, 2001 8:09 AM
To: [EMAIL PROTECTED]
Subject: VPN monitoring software [7:26235]
Has anyone used
Hello,
I've got two sites which use the same IP address (but
there is no duplicate IP address) and I want to
encrypt the serial link between them.
So is it possible to create a VPN with a bridging
configuration ? or do I need nat ?
regards,
steve
194.100.1.230-249 range
with 194.100.1.250 being the default gateway for our PCs. For pcs to go
out through the VPN to our 192.168.1.x network, I would request that
they put a route on their gateway which I think is their firewall to
route 192.168.1.x traffic to the our sonicwall box.
On the other end
Has anyone used Ciscos VPN monitoring software? We have a handful of
tunnels that we need remote management for..
-Jake
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=26235t=26235
--
FAQ, list archives, and subscription info
hi , anyone
knows if Linux Client by Cisco for VPN concentrator
3005 supports Internet sharing .
What I mean is if a Linux server dialups to the VPN
3005 server . Can it be installed for internet sharing
for the rest of the Linux clients?
regards,
suaveguru
Hello,
We've got 3660 at central office and PIX at satellite
ofices to do IPSec VPN. Sometimes PIX couldn't connect
3660 and I have to reboot 3660 to make it work. I'm
wondering if there is a easy way, say clear the
connection, so I don't have to reboot the 3660?
Thanks in advance.
Jim
between the two
boxes.
Paul Lalonde
Jim Bond wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Hello,
We've got 3660 at central office and PIX at satellite
ofices to do IPSec VPN. Sometimes PIX couldn't connect
3660 and I have to reboot 3660 to make it work. I'm
w
we are using vpn client (3.0.6 rel 2 and 3.1.1) to connect to vpn 3000
concentrator with RSA ACE server 5.0 authenticating the connections. put
windows 98 in the mix and there tends to be problems.
#1 problem - VPN Subsystem unavailable - cannot make IPSec Connection
#2 problem - VPN client
propose marriage.
Start reading the recommended books for the CCIE Security exam. I have
read
about half of them and they really helped me to understand the environment
of VPN.
Finally, the RSA series of books. They really helped me again to
understand
where Cisco was coming from and why certain
scanned by MAILSweeper.
Hi everybody,
I have serious problem. In our office we have to implement VPN whereby 2
sites can have secure connections. We have ISP providers who has given us
public IP addresses 202.145.x. x .We have ISDN dial up
Just go read RFC 2401-9 They will help you a lot.
I would give you my texts but they are sacred to me now. :-)
I am sure that the official Cisco Study book for this is coming out soon.
Just get that and read it, sleep with it, propose marriage...blah!
Study tactic look here
Check the 'Release Notes for Cisco VPN Client, Release 3.0'. There are
several open caveats which may be relevent, in particular CSCds65138 and
CSCdt23662.
Make sure,
(1) that the user uses domain user logon.
(2) your network's WIN server ip address appears on the ppp adaptor if it is
dialup VPN
Thanks guys,
I'm going to go with the hardware.
Now I just need to figure out how I'm going to put voice over it. :-)
Thanks again,
-Original Message-
From: Bill Carter [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 07, 2001 3:36 PM
To: [EMAIL PROTECTED]
Subject: RE: VPN
I have a 1720 router with the VPN/firewall software
installed. Does any one have a sample config to setup
the router to allow users to VPN in from home? All I
can find on Cisco's site is how to create a branch to
branch tunnel.
It would be appreciated.
- D.S
What will your users be using? Vpn client 3 or cisco secure client 1.1 or
win2k vpn client?
Now offering CCIE Security Lab Subscription Pacakge and Remote Bootcamp
-Keyur Shah-
CCIE# 4799 (Security; Routing and Switching)
css1,ccna,ccda,scsa,scna,mct,mcse,mcp+i,mcp,cni,mcne,cne,cna
Hello
I've been attempting to setup a Pix VPN with L2TP and IPSec on win2k clients
with a pix/w2k-CA/PDC. I've installed the CA services, generated the
appropriate keys and configured the algorithm and hash types on both sides.
as follows
isakmp enable outside
isakmp peer ip 192.168.1.247 no-xauth
I've used a few variations of VPN products and here are some thoughts that
might help.
1. Use something that supports industry-standard specs such as IPSEC,
ISAKMP, etc. In the past I have primarily used Shiva (now Intel) which is
REALLY easy to deploy and manage, but is also very proprietary
Have you looked at the Cisco 3000 series VPN concentrators? They are
awesome! Very easy to setup and configure. Have an excellent client that
currently supports Win95/98/ME/NT/2000/Linux and there is Mac support in
beta now. It also has a hardware client (the 3002) if you need remote
offices
Does anyone have any recomendations on VPN producs? Links to articles
and personal experience woudl be great.
As far as know Cisco VPN concentrators, Check Point, and Nokia rules the
market. What is your opinion on that.
Thanks,
Alex
[GroupStudy.com removed an attachment of type text/x-vcard
Thanks Hansraj!
I looked at your config. There is only one command that I do not have
isakmp identity outside
I am downgrading my IOS to 5.2(5) and 5.2(3) to see if it works. I have had
problems with the VPN concentrator 6.x IOS with partner and client tunneling
and did the same thing
IPSec does not work with PAT on a PIX. You can with NAT though.
http://www.cisco.com/warp/public/707/ipsecnat.html
Allen
- Original Message -
From: Theodore stout
To:
Sent: Wednesday, October 24, 2001 1:02 AM
Subject: RE: PIX with PAT and VPN [7:23490]
I got the same access-lists
] [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 22, 2001 1:41 AM
To: [EMAIL PROTECTED]
Subject: Re: PIX with PAT and VPN [7:23490]
I tried this and it did not work. When IPSEC negociates a VPN
session
between the two PIX's, it will PAT an internal device from
Network
PAT can now use the same address as the outside interface with the
'interface' keyword:
e.g., global (outside) 1 interface
- Original Message -
From: Patrick Ramsey
To:
Sent: Wednesday, October 24, 2001 7:34 AM
Subject: RE: PIX with PAT and VPN [7:23490]
You definately want to use
with PAT and VPN [7:23490]
You definately want to use a different ip addres for PAT than what you
have
set on the interface. I'm surprised PAT is even working, unless cisco
has
made some changes to their code recently.
-Patrick
Message Posted at:
http://www.groupstudy.com/form
] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 23, 2001 11:02 PM
To: [EMAIL PROTECTED]
Subject: RE: PIX with PAT and VPN [7:23490]
I got the same access-lists on both sides and they have been verified by
other people. I know this will not take me down.
If you can e-mail me the config
:help with troubleshooting Cisco VPN connection in [7:23695]
Can someone in this group help me with this problem?
I am trying to setup VPN connections for remote users (people
who use laptops on the road or when people to who are on their
own corporate network) to connect to my home
Chris,
I don't know how long you have been working with PIX but on the VPN client,
the client will get an IP between 172.16.2.1 and 172.16.2.254. The
access-list will make the necessary connectivity to 172.16.1.0/24 network.
If you've read this post from start to finish, you would know
901 - 1000 of 1685 matches
Mail list logo