From: Joseph McEvoy (JMcEvoy@xxxxxxxxx)
Date: Wed Aug 29 2001 - 20:46:52 GMT-3
No, they are customer sites. My original goal was to have VPN connectivity
from anywhere. (Excluding of course those sites that are explictly blocking
that type of traffic).
The PIX at the test remote site was under my control, and it allowed all
outbound traffic. My thoughts was that some of the ISAKMP traffic was being
blocked because it was initiated from the PIX at HQ.
-----Original Message-----
From: Larry Roberts [mailto:lroberts22@qwest.net]
Sent: Wednesday, August 29, 2001 8:04 PM
To: Joseph McEvoy; ccielab@groupstudy.com
Subject: Re: ISAKMP Ports blocked when using VPN client?
Hi Joseph,
Sounds to me like the other Firewall is blocking ISAKMP, AH, and/or ESP. Is
this other firewall under your administrative control?
Sincerely,
Larry Roberts
CCIE #7886
----- Original Message -----
From: "Joseph McEvoy" <JMcEvoy@isgny.com>
To: <ccielab@groupstudy.com>
Sent: Wednesday, August 29, 2001 2:46 PM
Subject: ISAKMP Ports blocked when using VPN client?
> Hello Group,
>
> I have installed a PIX running 6.01 and configured it for Cisco's latest
VPN
> client 3.02. Anyway, it works like a charm except when the user is at a
> remote location with firewall. I don't believe this is a NAT/PAT issue, as
I
> can connect from home using a Linksys router that is doing PAT. My only
> guess is that our PIX (the VPN termination point) is initiating an ISAKMP
> key exchange back to the client after the client goes through exchanging
its
> key.
>
> Does anybody have a workaround, or at the very least can anybody confirm
why
> this is happening?
> TIA -Joe McEvoy
> **Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:32:00 GMT-3