ESP packets blocked

[JEFF11]

Hi

I'm running a PIX 506E which handles:

- Internet access to my local network using PAT on the outside interface
- 3 site-to-site VPNs on the outside interface
- Cisco client VPN connections (on the outside interface too)

All this is working perfectly fine.

Now I need to establish from one of the workstations on my inside network, a VPN tunnel using an third party VPN client software which uses UDP 500 and IP 50 (esp). the remote VPN gateway is accessible on the internet.
The VPN software can establish the VPN tunnel with the remote gateway but the traffic which goes through that tunnel is blocked by my PIX. I debugged my inside and outside interface and I can see that the packets are entering the inside interface but are not transfered to the outside interface.

I have not setup any rules to block ESP packets so I don't know why they are not routed...

Any ideas ?

thanks

Jeff

 

[JEFF11]

Hi,

I have investigated a bit more as I had the same issue when trying to establish a VPN tunnel through PPTP from the same workstation.
In order to have this working I had to add a fixup on the pptp protocol to see the packets over pptp going through the PIX. I then just thought I could do the same thing with ESP but it won't let me do it saying ISAKMP is activated on my outside interface.
I can't desactivate ISAKMP because my router have VPN's setup and I can't use fixup on ESP because I can't desactivate ISAKMP... Is there another alternative ?

Thanks

Jeff.