Easy VPN Config problems

Answered Question

Hello,

I have Pix 515E PIX Version 6.2(2).I am trying to setup easy VPN server on it. This pix did not recognised the following comand line.

1.

crypto dynamic-map outside_dyn_map 70 set reverse-route


2.

crypto isakmp nat-traversal 70

or isakmp nat-traversal 70


3. Tunnel-group


are there any command line that I can use inplace of these.I have also attached my config so I would be very grateful if someone could check and advice me what needs to done to bring this connection up.


Thanks




Attachment: 
Correct Answer by Farrukh Haroon about 8 years 12 months ago

Have a look at this:


http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080241a0d.shtml


Yes nat-t is available on 6.3.x and above and not it is not enabled by default on the PIX/ASA. On the IOS it is.


Please rate if helpful, Regards


Farrukh

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.3 (3 ratings)
Loading.
Daniel Voicu Thu, 07/31/2008 - 03:45
User Badges:
  • Silver, 250 points or more

Hi,


Tunnel-group is not required in 6.x as you use the command vpngroup.


NAT is detected automatically, so you don't need any special configuration for it.However, you should have the ability to enter the command "isakmp nat-traversal 20". This is only to specify the timeout (default 20). NAT-T is always enabled by default.


You can configure the use of NAT transparency on the VPN client.


Please rate if this helped.


Regards,

Daniel



Actions

This Discussion