Does anyone no why an inside (lan) vpn client would be blocked by pix

[ajinc]

Hello All,
I'm Backkkk....

I still need some ideas on why my PIX is not allowing my vpn client to connect with an outside endpoint.
Has anyone out there ever have this issue.

Briefly

dsl modem ===>PIX===>ethernet switch===>pc w / vpn client (sfaenet & cisco 4.6)

My vpn clients can not connect to the vpn endpoint router when the pix is on the network.

dsl modem ===>ethernet switch=== pc w / vpn client (safenet & cisco 4.6)

vpn clients connect.

I don't understand why the pix would stop my vpn client outbound I don't have any acl's defined to stop any outbound traffic.

All other Internet communications work fine, it's just this vpn client issue.

PLEASE I need any ideas I could try.. I have been off forum for a while trying to figure this out on my own, but I GIVE UP!!!!

Thanks for any ideas.

 

[Tekmazter]

I can tell you that in order to do this on my network, I have always had to create a special ACL to allow an internal user to use their VPN client (usually Checkpoint) over my pix to another network. I do believe that when the client goes out, on the return, there are additional ports that the remote host attempts to establish a connection on and these are dropped unless a permit ACL is put in place. At least that is my basic understanding of it.

Someone esle care to elaborate further? I'd much rather offer a more technical answer than the aformentioned.

 

[ajinc]

Thanks for the reply Tekmazter,
Could you post the acl that you had to use to accomplish vpn client connectivity, so that I may see if I could adapt it to my situation?

Thanks for any help