This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

can ASL pass VPN client(IPsec) from in to out ?

I have a problem on ASL 5.0 firewall  recently.

1. system background :
    H/W : Intel P4 2.8G/ 512M DDRAM/40G HD
    LAN: Intel Giga card
    ASL Version : 5.021  license : 250 IPs

2.Problem situation :
     Local subnet(single user with Cisco VPN client V4.0 on WIN XP) ---ASL F/W-- internet ---Cisco VPN 3005--- Remote server

         The single user  need create a IPsec tunnel assthrough ASL f/W from inside to access remote server ( http, ftp .....other ap)
The custom have do SNAT/DNAT for the singel user. then the sing user can pass cisco VPN 3005 authorization and get a address.
It still can't work as well . some time is ok. but almost time is fail to access remote server.

   When ASL f/w alter to other vender firewall or NAT device , It can work as well.
       The custom don't accept we to  build a vpn on ASL F/W with Cisco VPN 3005.

Can you all give me  some advice or experience on  the same problem  ?

Thank you !

This thread was automatically locked due to age.

0 Mha over 20 years ago

we use an ASL 5 (5.1 since y-day) for our company and some internal computers use Cisco-client VPN to access external networks without problem
those computers are masqueraded on ASL's external card
we also permitted them some ports, depending of the cisco client (either ISAKMP and ESP or ISAKMP and another port)
most of our problems came from the other network tbh [;)]
Cancel
Vote Up 0 Vote Down

Cancel