02-01-2007 05:07 PM
PIX 6.3 had a fixup of esp-ike that worked with PAT. It appears that this is gone as of 7.0 code. It only appears to work with NAT?
Am I correct?
02-03-2007 06:33 PM
Version 7.0 will work with PAT. The fixup is gone, however.
Enhanced VPN NAT Transparency:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_70/70_rn/pix_70rn.htm#wp162358
The fixup protocol esp-ike command is not supported in PIX Security appliance Version 7.0. This feature is suited for the PIX 501 and 506/506E platforms, which PIX Security appliance Version 7.0 does not currently support. The workaround requires that the client and head-end be NAT-T capable.
All you have to do is enable NAT-T on both ends of the tunnel.
Please rate if this helps!
02-05-2007 12:08 PM
Thx, the issue is that we are going to the ASA5504 for home use and one user must access Contivity through the home ASA. W/O ike/esp fixup, this is no longer possible.
Bill