Linksys VPN client from behind a Pix Firewall

Status
Not open for further replies.

Rookcr

MIS
Aug 12, 2002
325
US
Good day,

In my home network I have a Linksys WRV54G Wireless Router. It acts as an endpoint for its own VPN client. I currently have it configured as my external Firewall/Router at home through a cable modem. I am unable to establish a connection to the device while sitting behind the Pix 515 at my company, or a Pix 506 & 501 at 2 different companies. The only messages I see in the Pix SYSlog are as follows:

<163>Sep 12 2005 08:36:47 GBPIX : %PIX-3-305006: regular translation creation failed for protocol 50 src inside:192.168.xxx.xxx dst outside:yyy.yyy.yyy.yyy

Any ideas?

Thanks in advance.
 
I believe the VPN endpoint on the Linksys is an IPSEC VPN.
 
I went to and bought a PIX-515, and I gotta say this company has really good service and the price is better than any other IT dealer on the net. Actually, if you call them they will give you a real taste of how competitive the price is.

HIGHLY RECOMMENDED
 
Ideally you want a VPN client that supports NAT-T. Unfortunately the Linksys box you've got doesn't support that, so you need to turn on IPsec pass-through on the PIX. This will only allow one tunnel to be initiated from behind the PIX, so you can't use this on multiple clients behind the PIX at the same time. To do that you need to look into configuring static ESP translations for the internal hosts; you need one publicly routable IP address for each host that you want to allow out from behind the PIX.

Assuming you only have one client behind the PIX that needs this functionality, add the following to your PIX config:

fixup protocol esp-ike

You need to be on at least PIX o/s 6.2(1) for this to work (from memory).

CCNA, CCSA, MCSE, Cisco Firewall specialist, VPN specialist, wannabe CCSP ;)
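
An added example, not part of any post in this thread: a small Python check that scans PIX syslog output for the %PIX-3-305006 message quoted in the question, picks out failed translations for ESP/AH, and counts the inside hosts involved, since the reply's esp-ike fixup only covers a single tunnel. The function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the %PIX-3-305006 message format quoted in the question.
PIX_305006 = re.compile(
    r"%PIX-3-305006: \w+ translation creation failed for protocol (?P<proto>\d+) "
    r"src (?P<src_if>\w+):(?P<src>\S+) dst (?P<dst_if>\w+):(?P<dst>\S+)"
)

# IP protocols with no TCP/UDP ports, so port address translation cannot multiplex them.
PORTLESS_IPSEC = {50: "ESP", 51: "AH"}


def ipsec_xlate_failures(lines):
    """Return {inside_host: {(protocol_name, peer), ...}} for failed ESP/AH translations."""
    hits = defaultdict(set)
    for line in lines:
        m = PIX_305006.search(line)
        if not m:
            continue
        name = PORTLESS_IPSEC.get(int(m.group("proto")))
        if name:  # ignore other protocol numbers
            hits[m.group("src")].add((name, m.group("dst")))
    return dict(hits)


def advise(hits):
    """Map the reply's advice onto the number of inside hosts seen."""
    if not hits:
        return "no ESP/AH translation failures"
    if len(hits) == 1:
        return "one inside host: esp-ike fixup (single tunnel) is enough"
    return "multiple inside hosts: need NAT-T or a static translation per host"


# Constructed sample lines (private and documentation address ranges).
PREFIX = "GBPIX : %PIX-3-305006: regular translation creation failed for protocol"
SAMPLE = [
    f"<163>Sep 12 2005 08:36:47 {PREFIX} 50 src inside:192.168.10.21 dst outside:203.0.113.5",
    f"<163>Sep 12 2005 08:36:52 {PREFIX} 50 src inside:192.168.10.21 dst outside:203.0.113.5",
    f"<163>Sep 12 2005 08:37:10 {PREFIX} 50 src inside:192.168.10.44 dst outside:198.51.100.9",
    f"<163>Sep 12 2005 08:37:15 {PREFIX} 47 src inside:192.168.10.30 dst outside:198.51.100.9",
]

if __name__ == "__main__":
    found = ipsec_xlate_failures(SAMPLE)
    for host, peers in sorted(found.items()):
        print(host, sorted(peers))
    print(advise(found))
```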
 