Are you trying to set up a pool of IP addresses that are public IPs on the
external interface?  I've got it set up using a pool of IP addresses
matching the internal interface subnet, set up NAT for that pool, and tada!
You may have an ACL issue if it's assigning external IPs to the user.  I'm
not sure and haven't had my coffee yet, but it seems if it adds an external
IP that the remote station would have a new route added internally to route
traffic for the external interface of the PIX through the VPN tunnel...which
could possibly really mess with you being able to access the external
interface itself for the tunnel.  Let me think more on this before I
elaborate ;)  (going to get coffee right now!)

Allen
----- Original Message -----
From: "pat" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Wednesday, January 31, 2001 11:39 PM
Subject: Re: securemote through pix firewall


> Friends,
>
> Did a lot of work on this issue. It may not work.
> The reason:
>  Secure remote first downloads topology info. Then it
> writes the info to user.c file on client machine.
> It writes the IP addr of fw1 interface rather than
> real public IP.
> For auth it tries to reach the interface IP on FW1
> instead of public IP which is unreachable, hence the
> auth fails.
>
> HTH
>
> pat
> --- Allen May <[EMAIL PROTECTED]> wrote:
> > Did you remember to put the nat statement in for the
> > IP range that the
> > secureremote users are using and set up the
> > access-list permits for them as
> > well?
> >
> > Chapter 10 in the IPSec User Guide 5.3 covers this
> > pretty well.
> >
> > ----- Original Message -----
> > From: "pat" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>;
> > <[EMAIL PROTECTED]>
> > Sent: Tuesday, January 30, 2001 10:27 PM
> > Subject: Re: securemote through pix firewall
> >
> >
> > > Well, I too am having the same problem. The issue seems
> > > to be due to address translation the PIX does. The
> > > actual address on the firewall interface (outside) is
> > > different & the secure remote client uses a different IP
> > > (IP mapped by PIX) to establish the session. But I
> > > don't understand why authentication fails.
> > >
> > >      In my case topology download goes through, but
> > > authentication fails. If I sit behind PIX everything
> > > is fine. PIX is translating Public IP to Private IP.
> > > Let me know if you get to know why this happens.
> > >
> > > thanks.
> > >
> > >
> > > --- [EMAIL PROTECTED] wrote:
> > > >
> > > >
> > > >
> > > > Hi
> > > >
> > > > I hope someone could help me with a big problem I've
> > > > got.
> > > > My client needs to use the SecuRemote IPsec program
> > > > through a PIX firewall to a
> > > > firewall1 at the remote site.
> > > > There's no problem getting the key exchange process, and I
> > > > am being prompted for
> > > > password and username.
> > > > After this the program says the authentication is
> > > > OK, but Explorer comes up with
> > > > cannot find the page.
> > > > When I test the same procedure connected without the
> > > > PIX everything functions
> > > > OK.
> > > > Could anyone please give me a tip to solve this
> > > > situation.
> > > >
> > > > Thank you
> > > >
> > > >
> > > > _________________________________
> > > > FAQ, list archives, and subscription info:
> > > > http://www.groupstudy.com/list/cisco.html
> > > > Report misconduct and Nondisclosure violations
> > to
> > > [EMAIL PROTECTED]
> > >
> > >
> >
>
>
