Friesnds,
Did lot of work on this issue. It may not work.
The reason:
Secure remote first dowload topology info. Then it
writes the info to user.c file on client machine.
It writes the IP addr of fw1 interface rather than
real public IP.
For auth It trys to reach the interface IP on FW1
instead of public IP which is unreachable, hence the
auth fails.
HTH
pat
--- Allen May <[EMAIL PROTECTED]> wrote:
> Did you remember to put the nat statement in for the
> IP range that the
> secureremote users are using and set up the
> access-list permits for them as
> well?
>
> Chapter 10 in the IPSec User Guide 5.3 covers this
> pretty well.
>
> ----- Original Message -----
> From: "pat" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>;
> <[EMAIL PROTECTED]>
> Sent: Tuesday, January 30, 2001 10:27 PM
> Subject: Re: securemote through pix firewall
>
>
> > Well am too having the same problem. The issue
> seems
> > to be due to address translation the PIX does. The
> > actual address on the firewall interface(outside)
> is
> > different & the secure remote client uses
> different IP
> > (IP mapped by PIX) to establish the session. But I
> > don't understand why authentication fails.
> >
> > In my case topology dowload goes through, but
> > authentication fails. If i sit behind PIX
> everything
> > is fine. PIX is trnslating Public IP to Private
> IP.
> > Let me know if you get to know why this happens.
> >
> > thanks.
> >
> >
> > --- [EMAIL PROTECTED] wrote:
> > >
> > >
> > >
> > > HEI
> > >
> > > I hope someone could help me with a big problem
> Ive
> > > got.
> > > My client needs to use securemot ipsec program
> > > through a pix firewall to a
> > > firewall1 at the remote sight.
> > > theres no problem to get key exchange process,
> and I
> > > am beeing prompted for
> > > password and username.
> > > after this the program says the authentication
> is
> > > OK, but explorer comes up with
> > > cannot find the page.
> > > When I test the same procedure connected without
> the
> > > pix everything functions
> > > OK.
> > > Could anyone please give me a tip to solve this
> > > situation.
> > >
> > > Thank you
> > >
> > >
> > > _________________________________
> > > FAQ, list archives, and subscription info:
> > > http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations
> to
> > [EMAIL PROTECTED]
> >
> >
> > __________________________________________________
> > Get personalized email addresses from Yahoo! Mail
> - only $35
> > a year! http://personal.mail.yahoo.com/
> >
> > _________________________________
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to
> [EMAIL PROTECTED]
> >
>
> _________________________________
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]
__________________________________________________
Get personalized email addresses from Yahoo! Mail - only $35
a year! http://personal.mail.yahoo.com/
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
