
asa esp policy

whanson
Level 2

PIX 6.3 had a fixup of esp-ike that worked with PAT. It appears that this is gone as of 7.0 code. It only appears to work with NAT?

Am I correct?

2 Replies

bthibode
Level 1

Version 7.0 will work with PAT. The fixup is gone, however.

Enhanced VPN NAT Transparency:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_70/70_rn/pix_70rn.htm#wp162358

The fixup protocol esp-ike command is not supported in PIX Security appliance Version 7.0. This feature is suited for the PIX 501 and 506/506E platforms, which PIX Security appliance Version 7.0 does not currently support. The workaround requires that the client and head-end be NAT-T capable.

All you have to do is enable NAT-T on both ends of the tunnel.

Please rate if this helps!

Thx, the issue is that we are going to the ASA5504 for home use and one user must access Contivity through the home ASA. W/O ike/esp fixup, this is no longer possible.

Bill
