Firewall Wizards mailing list archives

RE: Cisco Remote Access VPN Problem


From: "Firewall-Wizards" <Firewall-Wizards () govnet gov fj>
Date: Thu, 8 Sep 2005 16:59:40 +1200

 
Yep. Tried that before. No luck :-(

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com
[mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Paul Melson
Posted At: Thursday, September 08, 2005 6:22 AM
Posted To: Firewall-Wizards
Conversation: [fw-wiz] Cisco Remote Access VPN Problem
Subject: RE: [fw-wiz] Cisco Remote Access VPN Problem


Static arp entries using the arp command won't help.  Enabling proxy-arp
on FE0/1 might.

PaulM 

-----Original Message-----
Subject: [fw-wiz] Cisco Remote Access VPN Problem

Hi Folks 

I can get the tunnel successfully established, the client successfully
authenticated with RADIUS, SAs formed and virtual ips (from the dmz)
assigned to the remote vpn client. There are static routes present on the
2600 to route internal network traffic to the dmz gateway (i.e. fw) which
subsequently has rules to route this vpn traffic inside the internal
network.

..

As a workaround, I tried putting in some static arp entries on the fw,
for these virtual ips to point to the physical dmz interface of the vpn
device. The ensuing result was that return traffic made its way back to
the vpn device, but then couldn't get to the actual vpn client :-(


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards